Protect Yourself and Report the Latest Frauds, Scams, Spams, Fakes, Identify Theft Hacks and Hoaxes
There are affiliate links on this page.
Read our disclosure policy to learn more.
Translate this page to any language by choosing a language in the box below.
Have you received an email appearing to be from "United Parcel Service (supportadmw@ups.com)", telling you that "United Parcel Service notification with attached zip file: United Parcel Service Documentation.zip"; with an attachment, saying "Attached to the letter mailing label contains the details of the package delivery. You have to print mailing label, and come in the United Parcel Service ( supportadmw@ups.com) office in order to receive the packages"
It is a scam and malware. If you click to open the attached file (typically, it is a zip file), you will open a virus or other malware. One report from Mxlab.eu/ says the email contains the zip archive upsinvoice3325037.zip, which once extracted, opens a Trojan, the 36 kB large file UPSINVOICE.exe.
Opening the attached file can install a trojan on the user's computer. Once installed, the trojan can send information to malicious servers and may download other malware.
The scammers rely on the fact that many recipients may open the attachment out of simple curiosity or concern. You should always be very cautious of any unsolicited emails that claim that a package delivery has failed or been returned. No legitimate delivery company will send notice of a failed delivery via an unsolicited email. Especially not with an attachment.
March 23, 2011, CFR received the following email, with the subject:
United Parcel Service notification:
Dear customer.
The parcel was sent your home address.
And it will arrive within 7 business day.
More information and the tracking number are attached in document below.
Thank you.
' 1994-2011 United Parcel Service of America, Inc.
The email is typically sent from a spoofed address, making it look like: 'United Parcel Service
infojs@
joiner2@
joiner22@
joisupport@ups.com
supportadm@ups.com
support@ups.com
'.
The email contains the zip archive upsinvoice3325037.zip, once extracted the 36 kB large file UPSINVOICE.exe is available. The trojan is known as W32/FakeAlert.NW (F-Prot), Trojan.Win32.VBKrypt.yj (Kaspersky), Win32/Oficla.EU (NOD32), Troj/Bredo-CX (Sophos) or Trojan.Sasfis (Symantec).
The following files are created:
%Temp%\1.tmp
%System%\nnfj.tqo
%Temp%\2.tmp
%Windir%\scindl.dll
And please let us know about any suspicious calls or emails you receive. We look for patterns so that we can alert the authorities and victims to new scams, before it is too late!
For a comprehensive list of national and international agencies to report scams, see this page./a>