A Widespread Convincing and Dangerous UPS Scam

New warning about UPS scam and bait and switch deals: Internet ScamBusters #295

Two Snippets for you this week:

First, an alert about a UPS scam that delivers a deadly Trojan program onto your PC via email that, in turn, can lead to both identity theft and hacker control of your computer.

Second, we have a timely warning about online companies who use bait and switch tactics, offering products at bargain prices — with an expensive catch.

A Widespread Convincing and Dangerous UPS Scam

A UPS scam, where victims are lured into clicking a download link, is sweeping through inboxes. It’s happening right now but the lesson it teaches us is good for all time.

If you’ve ever received a package via the parcel company — and most of us have — you might be tempted to take seriously an email that seems to come from them, saying they have a package for you.

But what if that email also asks you to open an attachment, that appears to be a Microsoft Word document? Would you be suspicious? Would you click on it?

Hopefully not.

But hundreds, maybe thousands, of people have done just that, only to discover, if they’re lucky, the whole thing is a scam and that clicking on the attachment downloads a virus onto their PC. (This does not affect Mac users.)

We say “if you’re lucky” to make the discovery because, if you don’t, the virus will just sit there doing its evil work — reading your files, including confidential information, then transmitting the details to a server somewhere in Russia.

At least if you know it’s there, you can do something about it.

Actually, this UPS scam malware is not a virus but a Trojan — the difference being that a virus replicates itself and sends itself to other computers, whereas a Trojan must be sent out by someone (usually in a spammed message) and then actually be installed by the victim.

However, that doesn’t make it any less lethal once it hits your machine.

So far, there seem to be two main variations of the offending spammed email — both looking like a genuine notification.

The first one tells you the parcel service tried but was unable to deliver a package to you due to their having an incorrect address. The subject heading usually has a phony tracking number. The attachment is supposedly a copy of a waybill or invoice for you to print and use to collect the parcel from a UPS office.

The second is a customs notification and may even seem to come from “US Customs Service” rather than UPS. It says you have an international package (usually from France) and that you need to complete the attached customs form so it can be delivered.

In both this and the UPS scam, the attachment is a compressed ZIP file (that is, one with a name that ends in “.zip”), even though the icon may look like a Word document. As soon as you double click on it, you’re doomed.

It installs a downloading program that then fetches and installs at least two more files on your system. These may disable your firewall, look for and steal credit card and bank account details, make screen snapshots and allow hackers continued access to your machine.

UPS has issued a warning telling customers not to click the attachment. The firm also points out that although it sometimes does send out email notifications, it rarely uses attachments.

Similarly, US Customs says it normally contacts people by letter rather than email.

Action: One of the worrying aspects of the UPS scam was that, at first, most Internet security software failed to spot the Trojan and allowed it to install. Subsequently, they all issued virus definition updates so, if your program is up to date, you should be OK.

If you do get the email, delete it. It shouldn’t harm you, provided you don’t click the attachment.

Of course, this attack underlines the danger of ever clicking on an attached file, even if it appears to come from a person or organization you know or frequently deal with.

You just can’t be sure. And, although it may take a little more time, it’s relatively easy to check out how genuine an attachment is by contacting the sender by phone or email (keying in their email address yourself rather than hitting the ‘reply’ button!).

In the case of the UPS scam, so many people are regular users of UPS they allowed this familiarity to cloud their judgment and clicked on the link.

If your machine does become infected, disable system restore, boot your computer into safe mode, update your virus definitions and then run a full system scan.

If you’re not sure how to do this, check your operating system and security software documents. If you don’t have security software installed — now is the time!

Watch out for this bait and switch trick

We reported previously on how the scam technique known as “bait and switch” has been used in the mortgage and credit card markets.

New Mortgage Scams Sweep Away Homes and Dreams

Are You Being Haunted By Zombie Debt?

Now Scambusters’ valued subscriber, newspaper columnist David Morris, highlights another example of this trick, when a reader tried to buy a camera.

Bait and switch happens when you go for an advertised deal that offers fantastic value (the bait), only to find it’s not available as advertised. You’re offered a more costly deal that may or may not compare in value (the switch). This might be an alternative product or some enhancement to the original one.

In his regular column “In Your Corner” in The Sun newspaper of Port Charlotte, FL, David explains the reader’s attempt to buy a camera from an online dealer. The camera was offered at an incredibly low price but the dealer told the buyer he could only have it if he also bought some overpriced accessories.

That’s a bait and switch. Kind of defeats the purpose, doesn’t it?

As David says, the price, which was one third below retail, was too good to be true. When you see a deal like this from a company you don’t know, he advises, it pays to check them out, both with consumer agencies and online.

In this case, a quick Google search would have told the buyer everything he needed to know to steer clear of this seller.

“The lesson is to realize the Internet is wrought with scams. Companies like this are apparently trying to lure you in with the bait of low prices only to make up for the discounted price by up-selling highly inflated accessories in a follow-up ‘confirmation call,’ says David.” …When you don’t bite, they catch and release.

“So don’t be so trusting, always do your homework and don’t get hooked!”

Thanks, David.

That’s all for today — we’ll see you next week.