Back to Courier Columns Page

"EXPECTING A PACKAGE" SCAM
by Ray Carlson


Q. I received an email from UPS indicating they attached a file with information about a package. When I opened the attachment, there was no information. How do I find out about the package?

A. Unfortunately, such messages are a new variation on a common malware attack. The message uses the UPS logo and colors to make it seem official. Earlier versions came from FedEx, DHL, and Post Office Express Service. When the attachment is opened, a virus is downloaded. Have your anti-virus program run a search and eliminate the virus.

If you made any recent purchases from a store or company that might have sent you a package, go to that company’s website and check your account. They will include a link to check the status of the delivery. Always check that way instead of opening an attachment or clicking on a link in such a message. If the message is bogus, the link can lead to a malicious website with malware.

You should also set your anti-virus program to update daily since once this email was around for a couple of days, most programs were updated to look for the problematic attachment.

Another variation on such malware indicates that you are receiving a pdf file from a standard office or work center. In this case, the pdf hides the malware. Adobe recently released Adobe Reader X. This new version includes a way to stop programs in the pdf that behave like malware. Upgrade to X before opening pdf attachments.

Published: Courier 2/20/11 - Page 7C