Analysis of UPS e-mail scam/spam

In the olden days I was an IT manager, and had significant hands-on responsibilities with corporate computer users as well as e-mail stuff (once we brought the e-mail server in-house).

I hated spam, but knew that it was a battle that we would never win.  Anti-spam technology wouldn’t win out against spammers who have tons of time and talent on their hands, and lots of patience.  And it certainly wouldn’t win as long as there are people who continue to click on it (and it happened all the time: from the n00bie to the CEO, from the non-techie to my tech team, everyone clicked on stupid stuff, except me, of course).

Anyway, check out this image, and the descriptions below for each point I bring out:

  1. This looks pretty legit… based on this subject line, I thought it was real.
  2. This is the first red flag – look in the brackets.  Why is a UPS e-mail coming from an @bowenrealestate.com address???
  3. This slipped past me the first few times I looked, but guess what – I don’t use this e-mail address!  They scraped it from the web somewhere.
  4. This is one of the biggest red flags – a zip attachment.  No legit company should send you a zip file from out of the blue.  If you get a zip file from anyone you don’t know, delete the entire e-mail.  Harsh, perhaps, but it beats spending days messing around trying to fix a virus.
  5. “July the 1st?”  Who would write that??  Also, an e-mail from UPS would have proper formatting, which means a space between the two paragraphs.
  6. This was kind of subtle also, except I’m a nut for the period… which you’ll notice is missing.  Doh!
  7. This is not an e-mail signature I’d expect to see from a legit company.  If nothing else, I’d think they would put in a gray-font disclosure statement… this looks too bare.  Not to mention, “Your UPS” is not the way they would refer to themselves… perhaps Your UPS Team, or something like that.  Oh yeah, forgot the “sincerely,” did ya?
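
Points 2, 3 and 4 are the ones a mail filter can check mechanically. The sketch below is an added example, not part of the original post: it runs those three checks over a constructed sample message, and the brand-to-domain table, the mailbox owner's address list and the sample headers are all assumptions.

```python
from email import message_from_string
from email.utils import parseaddr, getaddresses

# Assumption: brand names mapped to the domains they really send from.
BRAND_DOMAINS = {"ups": {"ups.com"}}
# Assumption: the addresses this mailbox owner actually uses.
MY_ADDRESSES = {"me@example.com"}

# Constructed sample message modelled on the e-mail described in the post.
SAMPLE = """\
From: "UPS Customer Services" <info@bowenrealestate.com>
To: webmaster@example.com
Subject: UPS delivery problem
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

We were unable to deliver your package.
--b1
Content-Type: application/zip; name="invoice.zip"
Content-Disposition: attachment; filename="invoice.zip"

AAAA
--b1--
"""

def red_flags(raw, my_addresses=MY_ADDRESSES):
    msg = message_from_string(raw)
    flags = []
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    for brand, domains in BRAND_DOMAINS.items():
        # Point 2: display name claims a brand, address is somewhere else.
        claims = brand in display.lower().split()
        legit = any(domain == d or domain.endswith("." + d) for d in domains)
        if claims and not legit:
            flags.append("sender-domain-mismatch")
    # Point 3: addressed to an address the owner does not use.
    rcpts = {a.lower() for _, a in getaddresses(msg.get_all("To", []))}
    if rcpts and not rcpts & my_addresses:
        flags.append("unused-recipient-address")
    # Point 4: unsolicited zip attachment on any MIME part.
    for part in msg.walk():
        if (part.get_filename() or "").lower().endswith(".zip"):
            flags.append("zip-attachment")
    return flags

print(red_flags(SAMPLE))
```

The remaining points (odd date wording, missing period, bare signature) are judgment calls about style and are left to the reader's eye.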

I think this post will help those offshore spammers more than the poor, unsuspecting recipient.  Nothing helps the poor, unsuspecting recipient, and they keep the anti-spam vendors in business as much as the spammers themselves!

 

3 Responses to “Analysis of UPS e-mail scam/spam”

  1. Sue Says:

    Just a couple more things I noticed about the email. UPS tracking numbers start with 1Z and have 18 numbers and letters mixed; the email shows a string of 10 numbers only. Also, the first line reads “we were unable to deliver ‘postal’ package”; UPS would NEVER refer to one of their packages as “postal”. UPS and USPS are very quick to tell you they are not affiliated and are very particular about the language they each use.

  2. Frank Stewart Says:

    There are more problems with the UPS spam/scam than just those Jason points out. First of all, if you’ve EVER done any UPS tracking, you’ll recognize the tracking # as bogus. UPS tracking #s almost always have alpha characters in them. Second, when YOU send a UPS package, do you give UPS the recipient’s email address??? The mere fact of receiving an email from UPS on a package delivery is a MAJOR RED FLAG! Third, even if the rest of the email were legit, why would UPS be sending you an “invoice”? You didn’t send it. You didn’t pay for it. It wasn’t sent C.O.D., according to the email message. Major red flag. Fourth, read the message: UPS doesn’t refer to their packages as a “postal package”. For these reasons and those Jason pointed out, anyone who opened this and got burned wasn’t thinking at all. These scammers were counting on someone saying, “Oh, Goodie! A package….for MEEEE!” without giving it another thought.

    I’m just sayin’, folks, THINK!!!

  3. Scott Says:

    Does anyone know what the payload (zip) does? My wife seems to have fallen for this one.
    Thanks.
