a compass with the words chance, success, risk and failure on the face
Robert L. Weiner: Nonprofit Fundraising Technology Consulting
  • Home
  • Clients
  • About
    • Testimonials
    • Articles by Robert Weiner
    • Presentations by Robert Weiner
    • Services
      • Staffing
      • On-Call Advice
  • Contact

Lame spams of the day: Fake UPS and FedEx delivery notices

November 30, 2012 by Robert 22 Comments

My inbox has been polluted by a rash of these this week.  They’re so badly formatted, it’s hard to believe anyone would fall for them.  The spammers haven’t even tried to make the reply-to address look legit.  Some have a sender name from UPS but use the FedEx logo.  Like this site, I’m assuming these are malware delivery devices, but don’t intend to experiment. 

The senders have included:

U.P.S.Service [no.reply@fortwayne.com]

logistics UPS [no_reply@arlington.com]

UPS Mail [NOreply-RC@tulsa.com]

UPS Office [NoReply.RX@denver.com]

First-Class logistics [no_reply.JAU@shreveport.com]

First-Class logistics [support.264@lasvegas.com]

First-Class Mail Postal Service [769.JT@sanfrancisco.com]

The subjects have looked like:

Number (A)BQQ16 414 272 1170 9681

Tracking Detail (P)LAQ53 129 880 0685 1561

ID (O)JB19 720 719 5134 5558

Here are three examples of the format:


 

 

 

Robert

Comments

  1. katy says

    December 2, 2012 at 6:55 am

    Yup, I received one last night too. Thanks for posting this!

  2. Steven says

    December 2, 2012 at 11:19 am

    They’ve reached Scotland too. The return email on my one was-

    First-Class logistics

    You’ve got to hand it to scammers, it’s very clever to ramp up a scam like this in the run up to Christmas. People ordering and expecting delivery of loads of parcels. I know I sometimes lose track of what I’ve ordered around this time of year. Indeed, the reason I’m posting this comment is because I received an email and was suspicious but had some doubt, so I googled it and arrived here (thanks for confirming my suspicions btw :-)).

    In no way am I trying to condone what they do but they’re clearly intelligent. Makes you wonder what good they could do for the world if they put their smarts towards constructive, rather than nefarious, activities!

  3. Wilma says

    December 4, 2012 at 9:03 am

    Yes , I got one too, thanks so much for posting the scam. I tried to contact FedEx to let them know but had difficulty getting in touch with them except on an expensive 09 number which I did not feel like doing as I was trying to do them a favour, also got nowhere with online chatting with customer services as their site was not supported by my 2012 Google browser.

    The message I got asked you to open a postage receipt and then take that to the postoffice, no details which post office. The mail was addressed to my normal email address, but copied to a bogus address with my name in it. The ups logistics sender was no.replyDC@jacksonville.com.

    Thanks again for alerting me!

  4. TJ says

    December 7, 2012 at 12:37 pm

    I got this one…different address but same tomfoolery. Since when did Fedex ever leave something at the local post office…these jokers need to do some research.

    FedEx
    Order: SD-5468-482485468
    Order Date: Monday, 2 December 2012, 11:23 AM

    Dear Customer,

    Your parcel has arrived at the post office at December 4.Our postrider was unable to deliver the parcel to you.

    To receive a parcel, please, go to the nearest our office and show this postal receipt.

    GET POSTAL RECEIPT

    Best Regards, The FedEx Team.

    © FedEx 1995-2012

  5. Robert says

    December 7, 2012 at 12:59 pm

    And what’s a postrider? Sounds like the Pony Express.

  6. Sergio says

    December 8, 2012 at 9:04 am

    Ifound this in my spam, i thought it was about one of my packages i ordered but turned out it was a scam. I google the order number and found this website. Be careful everyone for scammers.

    FedEx

    Order: SD-5468-482485468
    Order Date: Monday, 2 December 2012, 11:23 AM
    Dear Customer,

    Your parcel has arrived at the post office at December 4.Our postrider was unable to deliver the parcel to you.

    To receive a parcel, please, go to the nearest our office and show this postal receipt.

    GET POSTAL RECEIPT

    Best Regards, The FedEx Team.

  7. Bee says

    December 9, 2012 at 6:34 am

    Hello,

    I got such a mail as well, saying:

    >> Order: SGH-1883-1228851676
    Order Date: Monday, 2 December 2012, 12:32 AM

    Dear Customer,

    Your parcel has arrived at the post office at December 7.Our postrider was unable to deliver the parcel to you.

    To receive a parcel, please, go to the nearest our office and show this postal receipt.

    GET POSTAL RECEIPT

    Best Regards, The FedEx Team. <<

    Some years ago it was a UPS mail saing nearly the same.

    I'm from Germany.

    Best wishes to everyone,
    Bee

  8. Sue says

    January 19, 2013 at 10:35 pm

    I actually received this email as well; I did click into it and it led me into a page with a suspicious URL and the page never loaded…
    I was checking my email on my phone and had clicked into it on my phone
    I hope this does not infect my phone

  9. Nancy Vandergriff says

    January 20, 2013 at 5:55 pm

    Is there anyway to stop this junk? I get 10+ per day

  10. Adriane says

    January 20, 2013 at 8:03 pm

    I have received one of those every day for over a week!

  11. Robert says

    January 21, 2013 at 9:36 am

    I don’t know of a way to stop them other than your own (or your ISPs) spam filter. Here’s a list of spam filters that work with Outlook and learn from what you mark as spam. Also, Gmail has excellent spam filters.

  12. M. D. says

    January 21, 2013 at 8:37 pm

    I received the same message, verbatim, as posted by Sergio above. What gives? Are they hoping you click the “Get Postal Receipt” link/button so they can infect you with a virus?

  13. Robert says

    January 21, 2013 at 8:57 pm

    M.D. — yes, that seems to be the point. I’m guessing that the virus would cause your computer to send out more of these messages to your address book and turn your computer into a bot for nefarious aims.

  14. john says

    January 31, 2013 at 10:30 pm

    even over here in lil’ ol’ new zealand i’m getting them

    i’ve never opened them – so i have no idea what their objective might be – maybe i’m to be lured by some Nigerian into paying ever increaing amounts of money to secure the release of some non existent package

  15. Robert says

    February 1, 2013 at 8:11 am

    John — apparently these are malware delivery devices, not phishing scams. But I haven’t tested them to see what kinds of bad things might happen.

  16. Nikolas says

    February 2, 2013 at 6:52 am

    They attach the PostalReceipt.exe in compressed file. I scanned it and it is a positive Trojan-Downloader.Win32.Kuluoz.alx
    This is truly a dangerous scam.

  17. Mary Ellen says

    February 22, 2013 at 7:57 pm

    I clicked on the parcel link since we were expecting something. Foolish, I know. I have a MAC – how do I ensure the laptop is not infected?

  18. Robert says

    February 23, 2013 at 9:47 am

    Mary Ellen,

    I don’t know whether this malware targets Macs. But if you run a search for terms like macintosh anti-malware or macintosh antivirus you’ll find some options.

  19. Eliza says

    March 1, 2013 at 7:15 am

    Received it a few days ago, and tried opening it as I did not suspect it was a spam. The attachment did not open. Can anyone tell me this is okay if the attachment is not opened? I have virus protection software on my laptop. Will that help screen out the malware? Help!!!

  20. Robert says

    March 1, 2013 at 8:47 am

    Eliza,

    I’d try running a full virus scan on your computer. Nikolas posted that the attachment deploys Trojan-Downloader.Win32.Kuluoz.alx. Try checking or asking whether your anti-virus software handles that.

  21. Eliza says

    March 1, 2013 at 9:43 pm

    Thanks, Robert. I called Eset NOD32 and they said the virus identified by Nikolas (Trojan-Downloader.Win32.Kuluoz.alx) in their database. However each virus protection company uses different names for viruses (e.g. the same virus may be named differentlly by Norton) and that NOD32 covers almost all of the identified viruses around the word and so I should be fine if nothing comes up from the scan. Is this fine, Robert?

  22. Robert says

    March 2, 2013 at 8:46 am

    Eliza — If the virus is in Eset’s database and a scan didn’t find it on your computer, you should be OK. Fingers crossed!

Leave a Reply

Your email address will not be published. Required fields are marked *

Footer #Left

This is an example of a widget area that you can place text to describe a product or service. You can also use other WordPress widgets such as recent posts, recent comments, a tag cloud or more.

Footer #Right

This is an example of a widget area that you can place text to describe a product or service. You can also use other WordPress widgets such as recent posts, recent comments, a tag cloud or more.

Copyright ©2017 Robert L. Weiner: Nonprofit Fundraising Technology Consulting

  • Home
  • Clients
  • About
    • Testimonials
    • Articles by Robert Weiner
    • Presentations by Robert Weiner
    • Services
      • Staffing
      • On-Call Advice
  • Contact