Go to the U of M home page

Friday, November 17, 2017

Advisory: Fake "Invoice" and "UPS" notices come bearing malware!

Multiple versions of "Invoice" or UPS delivery notices have been received, linked to malware aimed at stealing financial information.

Example messages:
From: UPS.com <some.name @some.domain.org>
Date: Mon, Nov 13, 2017 at 7:15 AM
Subject: UPS Ship Notification, Tracking Number 0IT41910520287451
To:
You have a parcel coming.
The physical parcel may or may not have actually been tendered to UPS for shipment.
Current status of the delivery is available here.
Scheduled Delivery Date: Monday, 11/13/2017
Shipment Details
From: eBook on Leukemia: Causes, Symptoms & Treatment
Tracking Number: 0IT41910520287451
Number of Packages: 8
Thank you for your business.
 __________________

From: Some Name < some different email@someplace.com>Date: Fri, Nov 17, 2017 at 12:02 PMSubject: Invoice number 00744297 issueTo:

HI,
This is your invoice dated 17 Nov 17. If you have questions or concerns, just let me know at 01382 844946.
http://xxxx .yyy/New-invoice-3498177/
Yours Truly,Some Name

Things to Note:

  • The name in the "From:" field usually does not match the email address
  • In some cases the "sender" name IS known to the recipient (though it is NOT from their email)
  • The URL addresses have been in multiple countries, none of them apparently related to UPS or the purported business
Actions
  • Do not download (and open) unexpected "invoices" 
  • If you have downloaded and opened this malware - contact your tech support immediately to assess and determine next steps
  • Report and forward any such mail to phishing@umn.edu

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.