‘UPS Delivery Confirmation Failed’ Spam Leads to Drive-by-Download Attacks

UPS LogoBe careful not to click on any links within emails purporting to be from UPS claiming that a delivery confirmation failed.

Webroot researchers warn that spammers are up to their old tricks and are widely-spamming out fraudulent UPS notices to drive users to malicious websites serving malware.

Here’s a copy of the email currently being sent out:

UPS Delivery Confirmation Failed
Screenshot Credit: Webroot

UPS – Your UPS Team

Good Morning,

Dear Client, DELIVERY CONFIRMATION: FAILED

Track your Shipment now!

Pack it. Ship ip. No calculating , Your UPS Team.

According to Webroot, recipients that click on a link within the email will be taken to a third-party website hosting the infamous BlackHole exploit kit, which will attempt to exploit system vulnerabilities in order to plant malware on the visiting machine.

What to Do with UPS Spam

If you receive an email similar to the one below, it is strongly recommended that you:

  • Do NOT click on any hyperlinks within the email.
  • Report the email to UPS by forwarding it to fraud@ups.com (be sure to include the full headers).
  • Delete the email immediately.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+

This entry was posted in Computer Security, phishing, spam and tagged , , , , , .
Follow any comments here with the RSS feed for this post. Trackbacks are closed, but you can post a comment.

© 2014 Hyphenet, Inc.
1761 Hotel Circle S, Suite 350, San Diego, CA 92108

All rights reserved. Reproduction in whole or in part in any form or medium without express written permission is prohibited.

Hyphenet IT Security Blog located at 1761 Hotel Circle South, Suite 350 , San Diego, CA . Reviewed by 91 customers rated: 3.8 / 5