Thursday, December 27, 2012

'UPS Delivery Confirmation Failed' Spam Leads to Drive-by-Download Attacks

UPS LogoBe careful not to click on any links within emails purporting to be from UPS claiming that a delivery confirmation failed.

Webroot researchers warn that spammers are up to their old tricks and are widely-spamming out fraudulent UPS notices to drive users to malicious websites serving malware.

Here’s a copy of the email currently being sent out:

UPS Delivery Confirmation Failed
Screenshot Credit: Webroot



UPS – Your UPS Team

Good Morning,

Dear Client, DELIVERY CONFIRMATION: FAILED

Track your Shipment now!

Pack it. Ship ip. No calculating , Your UPS Team.

According to Webroot, recipients that click on a link within the email will be taken to a third-party website hosting the infamous BlackHole exploit kit, which will attempt to exploit system vulnerabilities in order to plant malware on the visiting machine.

What to Do with UPS Spam


If you receive an email similar to the one below, it is strongly recommended that you:

  • Do NOT click on any hyperlinks within the email.

  • Report the email to UPS by forwarding it to fraud@ups.com (be sure to include the full headers).

  • Delete the email immediately.


Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+

No comments:

Post a Comment