Jump to content
RemedySpot.com

UPS email Trojan scam

Rate this topic

Guest guest

By Guest guest
in Health, Medicine and Natural Healing 08

 Share

Recommended Posts

Guest guest

Guest guest

Posted
Posted

Hiya,

Although its mostly Post Office we use, a lot of us order our meds

from abroad so I thought this may be relevent...

Source: : http://www.scambusters.org/

(not yet online. will be up Friday)

<>~<>~<><>~<>~<><>~<>~<><>~<>~<><>~<>~<><>~<>~<><>~<>~<><>~<>

A Widespread Convincing and Dangerous UPS Scam

<>~<>~<><>~<>~<><>~<>~<><>~<>~<><>~<>~<><>~<>~<>

A UPS scam, where victims are lured into clicking a download link, is

sweeping through inboxes. It's happening right now but the lesson it

teaches us is good for all time.

If you've ever received a package via the parcel company -- andmost

of us have -- you might be tempted to take seriously an email that

seems to come from them, saying they have a package for you.

But what if that email also asks you to open an attachment, that

appears to be a Microsoft Word document? Would you be suspicious?

Would you click on it?

Hopefully not. But hundreds, maybe thousands, of people have done

just that,only to discover, if they're lucky, the whole thing is a

scam and that clicking on the attachment downloads a virus onto their

PC. (This does not affect Mac users.)

We say " if you're lucky " to make the discovery because, if you don't,

the virus will just sit there doing its evil work --reading your

files, including confidential information, then transmitting the

details to a server somewhere in Russia.

At least if you know it's there, you can do something about it.

Actually, this UPS scam malware is not a virus but a Trojan --the

difference being that a virus replicates itself and sends itself to

other computers, whereas a Trojan must be sent out by someone

(usually in a spammed message) and then actually be installed by the

victim.

However, that doesn't make it any less lethal once it hits your

machine. So far, there seem to be two main variations of the

offending spammed email -- both looking like a genuine notification.

The first one tells you the parcel service tried but was unable to

deliver a package to you due to their having an incorrect address.

The subject heading usually has a phony tracking number. The

attachment is supposedly a copy of a waybill or invoice for you to

print and use to collect the parcel from a UPS office.

The second is a customs notification and may even seem to come

from " US Customs Service " rather than UPS. It says you have an

international package (usually from France) and that you need to

complete the attached customs form so it can be delivered.

In both this and the UPS scam, the attachment is a compressed ZIP

file (that is, one with a name that ends in " .zip " ), eventhough the

icon may look like a Word document. As soon as you double click on

it, you're doomed.

It installs a downloading program that then fetches and installs at

least two more files on your system. These may disable your firewall,

look for and steal credit card and bank account details, make screen

snapshots and allow hackers continued access to your machine.

UPS has issued a warning telling customers not to click the

attachment. The firm also points out that although it sometimes does

send out email notifications, it rarely uses attachments.You can read

the entire message here.

http://www.ups.com/content/us/en/about/news/service_updates/virus_us.h

tml

Similarly, US Customs says it normally contacts people by letter

rather than email.

Action: One of the worrying aspects of the UPS scam was that, at

first, most Internet security software failed to spot the Trojan and

allowed it to install. Subsequently, they all issued virus definition

updates so, if your program is up to date, you should be OK.

If you do get the email, delete it. It shouldn't harm you, provided

you don't click the attachment.

Of course, this attack underlines the danger of ever clicking on an

attached file, even if it appears to come from a person

ororganization you know or frequently deal with.

You just can't be sure. And, although it may take a little more time,

it's relatively easy to check out how genuine anattachment is by

contacting the sender by phone or email (keying in their email

address yourself rather than hitting the 'reply'button!).

In the case of the UPS scam, so many people are regular users of UPS

they allowed this familiarity to cloud their judgment and clicked on

the link.

If your machine does become infected, disable system restore, boot

your computer into safe mode, update your virus definitions and then

run a full system scan.

If you're not sure how to do this, check your operating system and

security software documents. If you don't have security software

installed -- now is the time!

Link to comment
Share on other sites

Join the conversation

You are posting as a guest. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
 Share
Go to topic listing
×
×
  • Create New...