More Fake UPS Invoice Attacks

Common Tasks

Community

Email Notifications

Personal Links

Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

Gift Another variant of the shipping invoice attacks has emerged and should be avoided. AV protection is improving and folks expecting actual shipments should always use the phone instead email for contacting their shipping company, if there are any issues.

More Fake UPS Invoice Attacks
http://isc.sans.org/diary.html?storyid=5051

We received two reports of fake UPS invoice tracking Trojan zip files. This is similar to other invoice Trojans we have seen. This appears to be a two way conversation it was really just the spammer who created the whole thing.

EXAMPLE OF EMAIL TO AVOID

To: victims @ email.address
Subject: Re: missing package
From: John Henry <johnhenry.support @ ups.com>
Reply-To: johnhenry.support @ ups.com

Mr./Mrs. Victims First and Last name

I am sorry for this late reply, but we have good news.

We managed to track your package, and we have attached the
invoice you asked for to this reply.

The invoice contains the correct tracking# , since the one
you gave us was invalid.

You can use it on the ups website to track your shipment.

Thank you
John Henry
UPS Customer Care Department

ATTACHMENT: invoice.zip <--- Do not open this file

Posted: Sep 17 2008, 02:27 PM by Harry Waldron | with no comments

Questions? Contact Susan at Susan-at-msmvps.com. Each post's copyright held by the original author. All rights reserved. Blog site is an independent site not sponsored by Microsoft.
Our servers would like to thank www.ownwebnow.com and www.exchangedefender.com. We wouldn't be here without the generosity of Vlad Mazek and his companies.

Powered by Community Server (Commercial Edition), by Telligent Systems

Theme based on the Paperclip Blog Theme included in Community Server.
Enhanced to a Site-Wide Theme by Interscape Technologies.