UPS email fraud scam

[nobbie48]

Forum Sponsor

I got an email from what appeared to be UPS saying my parcel couldn't be delivered due to an address error. I am expecting a package so clicked onto the "Click Here" icon and got forwarded to a new "UPS" page and filled in the tracking number. They wanted my cell number which got me suspicious. They didn't get my cell number but I don't know what they may have planted in my computer as I typed in the tracking number.

I called UPS and it's a fraud, I suppose to collect valid cell numbers, plant malware etc. If you look at the new site address it's not UPS.

Now to find out what may have been planted in my computer.

Crappy way to start the day

 

[nikiter]

#firstworldproblems

 

[wonderings]

When I am expecting a package with a tracking number, i just follow the package with its ID, if there is a problem, it will say there. I never open open emails like that, we get at least one claiming to be from UPS a week with a zipped file containing documents, obviously a virus or something like that.

 

[TheDirty]

Seriously? This is new to people.

Quick look through my junk folder for phishing e-mails:

UPS parcel delivery notices
FedEx Parcel delivery notices
Linkedin requests
Federal Tax notices
Work Invoice check requests (different companies)
ADP digital certificate expiry
Rejected ACH payments
Successful money transfer notices
American Airlines Itinerary ON HOLD
Bank of America Merchant statements

 

[Roomie]

Don't forget the middle east guy that will send you your asking price plus a hundred grand on kijiji. All you have to do is click here, send your credit card info there. All legit emails


Sent from my piss poor iPhone while sitting on my squidly gixxxxxxxxer sippin on kool aid

 

[mimico_polak]

Don't forget the middle east guy that will send you your asking price plus a hundred grand on kijiji. All you have to do is click here, send your credit card info there. All legit emails

All it takes is ONE person to click and fill it out. Fantastic return on investment!

 

[suzuki2000]

I got an email this morning, suspicious, from efax.ca which looks legit?
It appeared to be a fax sent to my email, which is odd. the link tried drecting to open a file from a site that looked to be from Brazil, it has a .br extension.

When googling the site it was in Spanish or Portugese. Anyway the file was a .zip, so it received a delete. I am not aware of any business that I am doing with anyone in Brazil.

Hope it want anything legitimate..

 

[FullMotoJacket]

When you get an email like that hover your mouse pointer over the hyperlink. The actual URL the link goes to will show up on the bottom of your browser.

 

[hpvchewy]

I got an email from what appeared to be UPS saying my parcel couldn't be delivered due to an address error. I am expecting a package so clicked onto the "Click Here" icon and got forwarded to a new "UPS" page and filled in the tracking number. They wanted my cell number which got me suspicious. They didn't get my cell number but I don't know what they may have planted in my computer as I typed in the tracking number.

I called UPS and it's a fraud, I suppose to collect valid cell numbers, plant malware etc. If you look at the new site address it's not UPS.

Now to find out what may have been planted in my computer.

Crappy way to start the day

I would run a scan with combofix then full scan with malwarebytes to be sure you're clean.

 

[Rob MacLennan]

#firstworldproblems

Well we live in the First World. Whose problems should we have?

 

[inreb]

You could have third world problems in the first world if not playing with full deck or have met with some other misfortune.

 

[backmarkerducati]

Lets be clear, most of these scams prey on human nature, specifically the greed and dishonesty of the victim. It is unlikely that someone just happens to be waiting for a package from UPS, instead the scammers hope that some of the recipients will be greedy and will fall for it hoping that they will get something free by mistake (victim is dishonest). They know it is not something they ordered!

The same thing goes for the "you won the lottery" scam, the person knows they did not enter the lottery in XXXX but still fall for it out of greed and dishonesty. Same for the Nigerian Prince, long lost uncle, etc. The people who fall for them are dishonest, just not as dishonest as the scammer.

There are a few exceptions, like when they prey on the elderly, using confusion. But most of these use a different angle other than the greed of the victim.

 

[Rob MacLennan]

Lets be clear, most of these scams prey on human nature, specifically the greed and dishonesty of the victim. It is unlikely that someone just happens to be waiting for a package from UPS, instead the scammers hope that some of the recipients will be greedy and will fall for it hoping that they will get something free by mistake (victim is dishonest). They know it is not something they ordered!

The same thing goes for the "you won the lottery" scam, the person knows they did not enter the lottery in XXXX but still fall for it out of greed and dishonesty. Same for the Nigerian Prince, long lost uncle, etc. The people who fall for them are dishonest, just not as dishonest as the scammer.

There are a few exceptions, like when they prey on the elderly, using confusion. But most of these use a different angle other than the greed of the victim.

Far more of them, these days, rely on curiosity and in-built reactions. Click on this? Sure. Open the file? Why not? A few of them even just rely on getting that one in a thousand shot of guessing the right bank that the person deals with.

 

[knowledge]

When you get an email like that hover your mouse pointer over the hyperlink. The actual URL the link goes to will show up on the bottom of your browser.

This. I don't know of any reputable establishments that use a link
shortener like bit.ly or tinyurl.com. If I check the link destination and it's
one of those, I just assume it's a scam. Have any of you found an exception?

Edit: but this one time, I got an e-mail asking for my SIN to continue. It was the last thing in my junk e-mail, so I e-mailed back asking if anyone was actually stupid enough to fall for that scam. I get a call from my boss saying that I just cussed off the company accountant. Hahaha she got a good laugh out of that and I felt dumb af. -_-

 

[nobbie48]

Lets be clear, most of these scams prey on human nature, specifically the greed and dishonesty of the victim. It is unlikely that someone just happens to be waiting for a package from UPS, instead the scammers hope that some of the recipients will be greedy and will fall for it hoping that they will get something free by mistake (victim is dishonest). They know it is not something they ordered!

The same thing goes for the "you won the lottery" scam, the person knows they did not enter the lottery in XXXX but still fall for it out of greed and dishonesty. Same for the Nigerian Prince, long lost uncle, etc. The people who fall for them are dishonest, just not as dishonest as the scammer.

There are a few exceptions, like when they prey on the elderly, using confusion. But most of these use a different angle other than the greed of the victim.

My package of knock off flashlights from Hong Kong arrived today but not by UPS.

BTW I don't need to take advantage of a misdirected parcel. The $26 million I got from my faked dead uncle's hidden bank account has barely been touched. If you can use some cash just post your SIN number and a few personal details.

 

[nobbie48]

Far more of them, these days, rely on curiosity and in-built reactions. Click on this? Sure. Open the file? Why not? A few of them even just rely on getting that one in a thousand shot of guessing the right bank that the person deals with.

I dispute your numbers. While a search of the deposit insurance registry would produce a list of hundreds if not thousands of banks, trust companies, credit unions and other financial institutions, I would guess that ninety percent of the population deal with one of four or five banks. Sending a fake email with one of those names attached would momentarily ring a bell with one in four or five recipients. How many open or respond to the email is another matter.

Is your password p a s s w o r d or the name of your pet, you know, the one you post pictures of on FB along with its name?

 

[daught]

I just got a fraudulent call from a call center! The number was a 647. Can I report it somewhere?

 

[Rob MacLennan]

I dispute your numbers. While a search of the deposit insurance registry would produce a list of hundreds if not thousands of banks, trust companies, credit unions and other financial institutions, I would guess that ninety percent of the population deal with one of four or five banks. Sending a fake email with one of those names attached would momentarily ring a bell with one in four or five recipients. How many open or respond to the email is another matter.

Is your password p a s s w o r d or the name of your pet, you know, the one you post pictures of on FB along with its name?

I didn't post any numbers.

Send out a million emails and get just one or two responses that you're looking for, and you're ahead of the game. As evidence of the random nature of such scam emails I offer the fact that in the past two years I have received dozens of emails that state my online banking information has been compromised, but only one of them stated that it was from a Canadian bank. I don't deal with that bank.

NOW I have posted a number.

 

[RockerGuy]

I just got a fraudulent call from a call center! The number was a 647. Can I report it somewhere?

When you purchase something from a store, give them that #

 

[nobbie48]

I didn't post any numbers.

Send out a million emails and get just one or two responses that you're looking for, and you're ahead of the game. As evidence of the random nature of such scam emails I offer the fact that in the past two years I have received dozens of emails that state my online banking information has been compromised, but only one of them stated that it was from a Canadian bank. I don't deal with that bank.

NOW I have posted a number.

You mentioned one in a thousand. However I think we agree that the cost per email is essentially zero so any return is profit, even if the return is saleable contact info.

Forum Sponsor