Skip to Content
© Mike2focus | Dreamstime.com
Security & privacy

This clever fake UPS email takes phishing scams to a whole new level

You’ve been around the internet for some time. You know the ins and outs and what to avoid. You can spot a scam from a mile away, right? Social media giveaways, car warranty calls, texts from the IRS — these tricks don’t work on you. We applaud you for your vigilance.

As careful as you may be, scammers are always working on nabbing new victims. One method is to impersonate a business or service that you are familiar with through phishing emails. Once a bad actor has your trust, they pounce. A recent case saw a scammer posing as Microsoft and sending emails requesting payment for service. Tap or click here for details and tips on how to avoid this type of fraud.

People have been getting more packages since the start of the pandemic. Essentials for work, home, school and entertainment are just a click away as online retailers expand their wares. Of course, scammers were quick to jump on this opportunity. Read on for a new trick to watch out for.

You’ve got mail

One form of phishing involves malicious links embedded in otherwise legitimate-looking emails. You can avoid falling victim by checking that the link and URL it leads to line up. You can do this manually by hovering your mouse over the link or get a link scanner via a plugin or one included in your browser.

What if the link appears legitimate? Twitter user @DanielGallager posted a case in which the malicious link led to a real website, in this case, UPS.

Tom’s Guide reports that the phony email is sent to victims, informing them that there is a problem with their UPS package. They are given the option to download and print the invoice to pick up the package at the UPS store or click the link to a tracking number.

Hovering over the link reveals that it leads to a real UPS.com page. Users who click the link are taken to a UPS page with a message stating, “Your download will start shortly.”

You’ll get a Word doc that you can’t read. Microsoft Word will ask you to enable macros to read it. Once you do this, malicious files are downloaded.

The scammer was able to put malicious code into an official website. Some antivirus programs can pick up on this and keep you from doing further damage.

Tap or click here to check out another delivery scam that involves a fake message from Walmart.

How to protect yourself

Here are some tips to avoid falling victims to scams like this:

  • Avoid clicking on links found in unsolicited messages. If you’re not sure about a message or link, contact the company it supposedly originated from directly.
  • Are you even expecting a package? Keep track of your orders so you’re not tempted to open those phishy emails to begin with.
  • Don’t enable macros for an unfamiliar document. Enabling macros on a Word doc as seen in this phishing scam allows it to install malware on your device.
  • Your first line of defense is antivirus software. Keep it running and keep it updated! We recommend our sponsor, TotalAV. With TotalAV, you get so much more than antivirus protection. It’s the full package: A security suite that protects your computer and smartphone from today’s threats. Get the Best Security Suite for 2021 and save an exclusive 80% at TotalAV.com/Kim. That’s just $19 for an entire year of protection.

Keep reading

These 2 new Google scams are easy to fall for – Don’t become a victim

9 ways to spot tricks scammers use to steal your credit card info and con you out of money

Refer friends, earn rewards!

Why not share your source of digital lifestyle news, tips and advice with others? When your friends and family subscribe to Kim's free newsletters, you earn points toward awesome rewards!

Get rewarded