My inbox has been polluted by a rash of these this week. They’re so badly formatted, it’s hard to believe anyone would fall for them. The spammers haven’t even tried to make the reply-to address look legit. Some have a sender name from UPS but use the FedEx logo. Like this site, I’m assuming these are malware delivery devices, but don’t intend to experiment.
The senders have included:
U.P.S.Service [no.reply@fortwayne.com]
logistics UPS [no_reply@arlington.com]
UPS Mail [NOreply-RC@tulsa.com]
UPS Office [NoReply.RX@denver.com]
First-Class logistics [no_reply.JAU@shreveport.com]
First-Class logistics [support.264@lasvegas.com]
First-Class Mail Postal Service [769.JT@sanfrancisco.com]
The subjects have looked like:
Number (A)BQQ16 414 272 1170 9681
Tracking Detail (P)LAQ53 129 880 0685 1561
ID (O)JB19 720 719 5134 5558
Here are three examples of the format:
Yup, I received one last night too. Thanks for posting this!
They’ve reached Scotland too. The return email on my one was-
First-Class logistics
You’ve got to hand it to scammers, it’s very clever to ramp up a scam like this in the run up to Christmas. People ordering and expecting delivery of loads of parcels. I know I sometimes lose track of what I’ve ordered around this time of year. Indeed, the reason I’m posting this comment is because I received an email and was suspicious but had some doubt, so I googled it and arrived here (thanks for confirming my suspicions btw :-)).
In no way am I trying to condone what they do but they’re clearly intelligent. Makes you wonder what good they could do for the world if they put their smarts towards constructive, rather than nefarious, activities!
Yes , I got one too, thanks so much for posting the scam. I tried to contact FedEx to let them know but had difficulty getting in touch with them except on an expensive 09 number which I did not feel like doing as I was trying to do them a favour, also got nowhere with online chatting with customer services as their site was not supported by my 2012 Google browser.
The message I got asked you to open a postage receipt and then take that to the postoffice, no details which post office. The mail was addressed to my normal email address, but copied to a bogus address with my name in it. The ups logistics sender was no.replyDC@jacksonville.com.
Thanks again for alerting me!
I got this one…different address but same tomfoolery. Since when did Fedex ever leave something at the local post office…these jokers need to do some research.
FedEx
Order: SD-5468-482485468
Order Date: Monday, 2 December 2012, 11:23 AM
Dear Customer,
Your parcel has arrived at the post office at December 4.Our postrider was unable to deliver the parcel to you.
To receive a parcel, please, go to the nearest our office and show this postal receipt.
GET POSTAL RECEIPT
Best Regards, The FedEx Team.
© FedEx 1995-2012
And what’s a postrider? Sounds like the Pony Express.
Ifound this in my spam, i thought it was about one of my packages i ordered but turned out it was a scam. I google the order number and found this website. Be careful everyone for scammers.
FedEx
Order: SD-5468-482485468
Order Date: Monday, 2 December 2012, 11:23 AM
Dear Customer,
Your parcel has arrived at the post office at December 4.Our postrider was unable to deliver the parcel to you.
To receive a parcel, please, go to the nearest our office and show this postal receipt.
GET POSTAL RECEIPT
Best Regards, The FedEx Team.
Hello,
I got such a mail as well, saying:
>> Order: SGH-1883-1228851676
Order Date: Monday, 2 December 2012, 12:32 AM
Dear Customer,
Your parcel has arrived at the post office at December 7.Our postrider was unable to deliver the parcel to you.
To receive a parcel, please, go to the nearest our office and show this postal receipt.
GET POSTAL RECEIPT
Best Regards, The FedEx Team. <<
Some years ago it was a UPS mail saing nearly the same.
I'm from Germany.
Best wishes to everyone,
Bee
I actually received this email as well; I did click into it and it led me into a page with a suspicious URL and the page never loaded…
I was checking my email on my phone and had clicked into it on my phone
I hope this does not infect my phone
Is there anyway to stop this junk? I get 10+ per day
I have received one of those every day for over a week!
I don’t know of a way to stop them other than your own (or your ISPs) spam filter. Here’s a list of spam filters that work with Outlook and learn from what you mark as spam. Also, Gmail has excellent spam filters.
I received the same message, verbatim, as posted by Sergio above. What gives? Are they hoping you click the “Get Postal Receipt” link/button so they can infect you with a virus?
M.D. — yes, that seems to be the point. I’m guessing that the virus would cause your computer to send out more of these messages to your address book and turn your computer into a bot for nefarious aims.
even over here in lil’ ol’ new zealand i’m getting them
i’ve never opened them – so i have no idea what their objective might be – maybe i’m to be lured by some Nigerian into paying ever increaing amounts of money to secure the release of some non existent package
John — apparently these are malware delivery devices, not phishing scams. But I haven’t tested them to see what kinds of bad things might happen.
They attach the PostalReceipt.exe in compressed file. I scanned it and it is a positive Trojan-Downloader.Win32.Kuluoz.alx
This is truly a dangerous scam.
I clicked on the parcel link since we were expecting something. Foolish, I know. I have a MAC – how do I ensure the laptop is not infected?
Mary Ellen,
I don’t know whether this malware targets Macs. But if you run a search for terms like macintosh anti-malware or macintosh antivirus you’ll find some options.
Received it a few days ago, and tried opening it as I did not suspect it was a spam. The attachment did not open. Can anyone tell me this is okay if the attachment is not opened? I have virus protection software on my laptop. Will that help screen out the malware? Help!!!
Eliza,
I’d try running a full virus scan on your computer. Nikolas posted that the attachment deploys Trojan-Downloader.Win32.Kuluoz.alx. Try checking or asking whether your anti-virus software handles that.
Thanks, Robert. I called Eset NOD32 and they said the virus identified by Nikolas (Trojan-Downloader.Win32.Kuluoz.alx) in their database. However each virus protection company uses different names for viruses (e.g. the same virus may be named differentlly by Norton) and that NOD32 covers almost all of the identified viruses around the word and so I should be fine if nothing comes up from the scan. Is this fine, Robert?
Eliza — If the virus is in Eset’s database and a scan didn’t find it on your computer, you should be OK. Fingers crossed!