Fake UPS Delivery Notifications Spread Scareware

Security researchers from Sophos have intercepted spam emails posing as fake United Parcel Service (UPS) delivery notifications that distribute scareware.

The rogue emails bear subjects of the form "United Parcel Service notification #90294" and have spoofed headers to appear as originating from @ups.com email addresses.

The email body contains an HTML template with a message that reads: "Parcel notification. The parcel was sent to your home adress [sic.]. And it will arrive within 3 buisness [sic.] days. More information and the parcel tracking number are attached in the document below. Thank you."

The attachment is called UPS_Document.zip and in reality it contains the installer for a piece of scareware detected by Sophos as Mal/FakeAV-LI.

Such malicious programs pose as fake security applications and flood people's desktops with bogus security alerts that claim their computers are infected.

These scare tactics are intended to convince users to buy licenses for the program in the hope that it will clean the fictitious infections.

Fake delivery notifications are a common social engineering attack to infect users with all types of malware or direct them to malicious websites.

The brand names of virtually all major parcel delivery services, including UPS, DHL, FedEx, and USPS, have been abused in similar. compaigns. Unfortunately, their constant remergence suggests that there are still many people who fall for such tricks.

"At UPS, we take fraud seriously. We investigate fraud or misrepresentation of our services, information tools and brand using the Internet. Fraud on the Internet is a continuing global issue, so we post fraud protection information directly on our home pages around the world to advise customers," said UPS spokeswoman Debbie Curtis-Magley.

Users should be aware that UPS doesn't send delivery notification emails with attachments. When in doubt, it's always best to call the company's office and ask about the package directly.