Sophos Detects Spam Mails Supposedly from UPS

According to investigators at Sophos, the security company, spam mails that pose as communication from UPS (United Parcel Service), the widely used package delivery firm, are currently circulating online.

Displaying the subject line "United Parcel Service notification #90294," the fake electronic mails' sender's address is spoofed to seem like coming from @ups.com.

Also, there's an HTML template in the message body of the e-mail, which notifying the recipient about a package, states that it was dispatched at his residential address. Thereafter the e-mail states that the package will come in three working days, while an attached document provides the number to trace the same as also it furnishes additional information.

Says Sophos, the attachment bears the name UPS_Document.zip, which contains rogue anti-virus software detected as Mal/FakeAV-LI.

The security company explains that the above kind of malevolent software pretend to be security programs while inundate end-users' PCs with false malware warnings that assert that there are infections on their systems. Using such scare tactics, the perpetrators persuade users for purchasing the software's licenses as the latter anticipate that the software would remove the contaminations that actually never existed.

Moreover, remarking about the said assault, Senior Technology Consultant Graham Cluley at Sophos stated that whenever anybody sent an end-user a parcel, he provided that person's postal mail address to the delivery firm, but possibly not his e-mail id. Therefore, Cluley suggested that users should be skeptical about electronic mails, which delivery firms supposedly sent suddenly. Msnbc.msn.com published this during the 2nd-week of June 2011.

In the meantime, UPS stated that there was the constant problem of its service's misrepresentation as well as fraud; consequently, it posted PC-virus alerts and fraud prevention on its website.

An UPS Spokesperson stated that his company might dispatch formal notification e-mails; however, hardly ever any attachment. So an unsolicited e-mail could be forwarded straight away at fraud@ups.com, reported msnbc.msn.com.

In conclusion the Spokesperson said that users mustn't view attachments rather they must erase the messages post their forwarding, adding that UPS functioned with national and local authorities as also took part within a task force related to Internet fraud.

Related article: Spike in Attacks Causes Early Release of Windows Patch

» SPAMfighter News - 6/23/2011