Thursday, 8 July 2010

Social Engineering UPS delivery



Showing fishy emails
I have decided that each time I see receive an email that threatens to expose me to scamming by reason of the genius of its construction, I will post the email and annotate it to expose the suspect activity, without getting too technical.
Looking through my inbox that receives close to 80 emails a day from so many email accounts there was one that appeared to arrive at my business account from UPS, the courier company.
From the header, I noticed there was no subject – No business with any sort of organised system should ever send a customer an email with a subject, on a personal basis, it is rude, in a business setting it is unprofessional.
Appearances and realities
The email appeared to come from UPS Support with a name of the sender, it looked official enough with a UPS.com email address too.
If you get an email from any organisation and the email domain does not reflect the organisation or business name, the sender is an impostor. Many lottery wins and collect emails do not use company email domains are they can be classed as scams no matter how too good to be true the content might be. Yahoo, Hotmail, MSN addresses should be ignored.
Where is my name in this email, they should know who they are delivering to, this is a delivery company for crying out loud. It looks like a fishing exercise.
PDF or broke
This email had an attachment with the name invoice. Be careful with attachments, the safest ones to open are ones with the PDF extension, anything else treat as suspicious, probably a virus or a keylogger ready to steal your passwords to email or bank accounts. It would be safe to just delete those emails.
Nowadays, invoices must be emailed in PDF format, they are never too large to be undeliverable because of email service restrictions. ZIP files are like Trojan horses, open them and you can end up running a program that ruins your system or worse. EXE files, just NEVER open them. If they are TXT files, sometimes it is best to save the attachment first then observe that they are really the format they say they are before you open them.
You must always have an up-to-date virus scanner on your system that scans emails too. AVG offers a free edition but the professional editions are inexpensive too.
Drawing you by the bait
Now to the social engineering part of this email; I have been informed that “Unfortunate we failed to deliv” then the rest of the text is obscured by an opaque grey box.
Out of frustration or curiosity you will be tempted to find out what this was all about and find yourself opening the suspect attachment and you have been had – hook, line and sinker.
I think it is a work of evil genius because many would end up opening the attachment, I did not; there were two separate messages in this email.
The first was the text about a delivery and one I was not expecting, the second was an invoice for something I cannot say I paid for.
No effect without cause
The invoice if I paid for anything should have come from the company I bought stuff from and not from UPS except if I had engaged the services of UPS which I did not.
So, on balance of probability, this is a scam, if UPS were unable to deliver a product, it would have arrived at my address and a note left in my postbox not an email sent to me.
The more this email looks authentic the more I am suspicious of its origins. In the worst case scenario, I have replied to this email asking for it to be sent in legible text, with a PDF invoice and a letter sent by post explaining why they could not deliver the service. If your name is not in the email you received, do not sign off with your name.
Don’t give them more
They do not need my name or address in the reply, they should already have it – do not volunteer excess information to suspect situations.
People are looking to have you, ensure you are not had by innocuous emails masquerading as authentic customer support email. Benign as this might seem, it screams scamming to the rafters at best, I cannot think of what the worst of their intentions might be.
The graphic of that email appears below.

UPS Email Scam

No comments: