UPS spam Emails

In January 2010, two of my clients received an email from UPS a few days apart. They were both expecting a delivery and clicked the attachment to the email.
Sure enough, they infected their computer immediately.
Generally, UPS will not email clients unless they have signed up for such a service.  As a general rule, when receiving such emails please be exceptionally cautious about clicking the links or opening attachments.
If in doubt – don’t click on links or open attachments!
Even if the email says it is from UPS and it shows what looks to be like a genuine sender email address, most infected mails are not originating from the given sender address.
(A) Protect yourself from these nasty emails by using a good spam filter in addition to the Outlook standard junk filter. I find that between Outlook 2007 junk mail filter and Cloudmark, I do not receive any junk in my inbox.
(B) Pay attention to links by moving the mouse over the link. Outlook 2007 will then show you the real link underneath it. If the link looks completely unrelated, it is probably a dangerous link.
(C) You can even copy and paste some of the text into google to see what comes up. If it is fake, there should be ample hits to show you this.
(D) Ensure you have adequate antivirus and anti spyware protection and ensure it is regularly updated!
Examples of anti virus programs are:
AVG is free
Antivir is free
Avast is free
Antispyware: Spyware doctor is  £29.95 per year, although it drops to £25.46 with discount code friedman15 and you can purchase registry mechanic for with it for an additional £19.95
(E) Finally, pay attention to detail. If the English does not look right, they do not have your full name spelt correctly, punctuation looks awful, layout of images look unprofessional – the is likely to be fake!
Below are ten examples of phishing / spam / virus emails that I have saw in Jan 2010:
1. HSBC Phishing email – I have not included the full link but when you hover over the link, it is clearly pointing to a completely different domain name.
This e-mail has been sent to you by Hsbc UK to inform you that we were unable to verify your account details. This might be due to either of the following reasons:
1. A recent change in your personal information. (eg: address, phone)
2. Submitting incorrect information during registration process.
Due to this, to ensure that your banking service is not interrupted, we request you to confirm and update your information today by following the link below
If you have already confirmed your information then please disregard this message.
Hsbc Uk member services
2. Amazon fake email – once again, if you hover over the link (not included here) it will show you a completely unrelated domain name.
Your Order s/n:20625309073130 Accepted.
Thank you, Support
3. Amazon – fake email with virus attachment – even the way it is worded it is clearly not genuine as with all these emails – layout, punctuation and use of language generally points to being fake.
Thank you for shopping at
We have successfully received your payment.
Your order has been shipped to your billing address.
You have ordered ” Compaq CQ2009F “
You can find your tracking number in attached to the e-mail  document.
Print the postal label to get your package.
We hope you enjoy your order!
4. UPS email example – with a fake zip attachment containing a Backdoor.Trojan
Dear customer!
Unfortunately we failed to deliver the postal package you have sent on the 28th of December in time because the recipient’s address is inexact.
Please print out the invoice copy attached and collect the package at our office.
United Parcel Service of America.
5. Random spam with a link sending you to a random webpage
Is this photo yours?
Issac Gilmore
6. Another example of a random spam email
Please tell me is this photo yours?!
Ronald Feliciano
7. Inland revenue spam email

Taxpayer ID: debil-00000344068277UK
Issue: Unreported/Underreported Income (Fraud Application)
Please review your tax statement on HM Revenue and Customs (HMRC) website (click on the link below):
review tax statement for taxpayer id: debil-00000344068277UK
HM Revenue and Customs
8. Facebook fake email – It looks pretty genuine and even quotes the email address properly. However a google search of the text leads to many hits explaining that the link takes you to a page which tried to get you to download a virus.
Dear Facebook user,
In an effort to make your online experience safer and more enjoyable, Facebook will be implementing a new login system that will affect all Facebook users. These changes will offer new features and increased account security.
Before you are able to use the new login system, you will be required to update your account.
Click here to update your account online now.
If you have any questions, reference our New User Guide.
The Facebook Team
9. Another Fake Amazon email that looks quite authentic but hovering the mouse over shows a different domain name.
As a customer of we require an update on your account information. Under the UK Data Protection Act 1998, we follow strict security procedures in the storage of information which you have given us. In order to prevent closure of your account, we request you validate your account information with us. This only has to be done once and will be verified within 24 hours. Please note that failure to comply with our request may result in a temporary suspension of your account.
The information you enter will be transferred to our Accounts Department for the purposes of processing by By submitting your information, you consent to this transfer.
10. Fake email regarding National Lottery -If you play the lottery with an online account I think the National Lottery would call you by telephone! The email address below is clearly nothing to do with National lottery and they are just trying to get some valuable details from you before they start a dialogue to get access to your bank accounts!
Congratulations, your email address have won the sum of 600,000.00 GBP in the just concluded United Kingdom
National Lottery Online program.
For detailed information on how to file your claim, kindly contact our Foreign Service Directorate Mr John Mark with the following information:
1. Name in full…2.Phone/Fax… 3.Occupation…4.Address in full…5.Nationality…6.Email Address…
Phone: +44 701-113- 6260

3 Responses to “UPS spam Emails”

  1. Framkalla Says:

    Hey, that was definitely an awesome read.

  2. fatih Says:

    Firstly thanks for this,

    I’ve same problem (4. UPS email ) and can not remove this fake message trojan. Becouse I clicked on .exe file. Used Malwarebyte,Spybot in safe mode but didn’t work. What can I do to remove this trojan?

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: