- Internet & the Web
Bogus UPS Quantum View E-Mail Notification Scam
Web Mail Screen
Don't Open that E-mail!
For the past few weeks I have been noticing an increase in the number of scam e-mails I've been receiving that the spam folder seems to have missed. I've also noticed these e-mails in the spam folders, and those not familiar with the scams might think they have been marked spam by mistake. It's true that some e-mails that you really want can land in the spam folders, but those are usually from people you know or groups you belong to. Because spammers are getting so bold, the spam folders often collect anything with a subject header that contains the words "order" or "credit card" when they might be emails that actually are from your bank or from customers who do want to place an order. That's why I always do check through the hundreds of messages in my spam folder to make sure I don't miss an important e-mail. Some e-mail headers are so bad I feel like taking a bath after screening my e-mails. Some are honest about the product they are selling. Some have headers that are downright deceptive in getting you to click to open the email and see what they are really selling , or, in the worst case, they infect your computer if you open them. One of the most deceptive scams coming to your computer soon is the fake UPS e-mail notification.
Fake UPS E-mail
The UPS Scam E-mail
One scam I'm seeing more and more of is the UPS scam. Whether or not you have sent or are expecting something from UPS, you get an email similar to the one in the picture that says this:
UPS Tracking Number 9BYCL3N
Wednesday, August 5, 2009 10:31 AM
From: "Frederick Tyler" <firstname.lastname@example.org>
Message contains attachments UPSNR_05fa2628.zip (27KB) Dear customer!
We failed to deliver the package sent on the 15th of July in time
because the recipient’s address is not correct.
Please print out the invoice copy attached and collect the package at our office.
Your United Parcel Service of America
There are some things that you should observe right away about this e-mail.
1. The sender's e-mail address ends in .ru, which means it was sent from Russia. All fake messages might not come from Russia, but an official email from UPS will probably not be from another county. Also, as you will see in a later picture, the real UPS e-mails have a different From header.
2. The to header does not contain my proper e-mail address. They have taken my domain and added a non-existing prefix before the @ sign. So look closely to make sure the e-mail is actually addressed to your proper address.
3. You will notice that there is an attachment in this e-mail. Do not open it, or it will unload something nasty onto your computer.Supposedly this is an invoice to print and take "to our office." Isn't it odd that they don't give the location of the "office" you are to take it to?
4. The tracking number is much shorter than a real UPS tracking number, which looks more like this one: 1Z081Y0E0390613245
Delete this email without even opening it for the sake of your computer.
Quick UPdate, August 7, 2009: I just got another fake in today's in box. Check up the similarities with what I showed you above:
From: "Tanner Lovell" <email@example.com>
Subject: UPS Tracking Number I6FJM1V
Hello! We were not able to deliver the postal package which was sent on the 9th of July in time because the addressee's address is not correct. Please print out the invoice copy attached and collect the package at our department.
Your United Parcel Service of America
A New Fake: Updated November 14, 2011
Today I received three different fake UPS messages that are more like the genuine ones. But fortunately, I've not sent anything UPS lately so there's no reason I should receive these notifications. Some, like the one in the image below, are even to wrong email addresses. That's not how UPS does business. Neither do they ask you to click on an image.
Two of the three emails did not have a carbon copy -- just this one. It appears three different people were hitting me at once. The delivery date is October 18 and today is November 14. UPS sends these immediately on the day of the delivery -- not three weeks afterwards. The only thing different in the body of the email is the tracking number at the top, which, incidentally, does not match the number at the very bottom. I'm not sure what the number at the bottom is for, but the real message, which I shall show you below the fake, doesn't have anything similar.
On the real message, the exact name of the receiver is given, not "customer man." The delivery time should be the date you got the email. On all three fakes I got, the date, weight, and time were the same. Only that number at the bottom, above "Discover more about UPS" is different. An affiliate number maybe? Who knows?
Some people still may be getting the old fakes, but you can no longer rely on the UPS Quantum View in the from header to prove it's real. If you didn't send a package via UPS, that should tell you right away. If you still wonder, go to the UPS site (on your own, not by way of any link in the email) and use it to try to track the package. Or call a local UPS store and ask about it. Meanwhile, please compare the two images below to see the difference between the real and the new fake. And continue to be alert. The crooks may read this and get a better fake circulating as they did this time.
The Real UPS E-Mail Notification:
The true e-mail notification that a package you sent could not be delivered has a heading like this:
From: "UPS Quantum View" <firstname.lastname@example.org>
Subject: UPS Delivery Notification, Tracking Number 1Z081Y0E0390634567
(Unfortunately, now some of the fakes do, too. See capsule above for details)
(I changed my email address on the actual note I received)
This e-mail will either tell you that your package has been sent as you expected, or that there was a problem with delivery, or that the package has been delivered. If there is a problem, you won't have to click any attachments. The body of the e-mail will describe the problem. If the address was invalid or the package was refused, they will tell you the package is being delivered back to you. I know this is true because I use UPS to ship packages on a frequent basis. I have gotten all the different kinds of official UPS notification messages. I had a package refused once and returned to my place of business. No one expected me to come pick it up.
Any official notification from UPS will have a tracking number like the one I showed you in the header above. above. It will link to the web site where you can see exactly what is happening to your package. The real UPS notification will also have the address that was shipped to and any other identifying information you put on the label. The fake notification has none of this.
Fake UPS Message
Real UPS Delivery Confirmation Message
More about Internet Scams and Fraud
More UPS Fraudulent E-mails
The scam I have detailed on this page is one of many that send fraudulent e-mail messages that are supposedly from UPS. You can read about some of the others on the UPS site.
Update on Similar Emails
I updated this on November 14, 2011. I'm still getting lots of these fake emails from UPS, but as noted above, the fakes are better now. Similar ones are now coming that are supposedly from LinkedIn, Facebook, and other social networking sites. If your email program has filtered something into your spam folder, chances are that the emails you see there supposedly from PayPal, LinkedIn, Facebook, and other places where you have accounts are really fakes trying to steal your log-in information for those sites to lock you out and use them for nefarious purposes. Don't open them.
Go to the real site the usual way and log-in to see if you have real messages. If you have opened an email you are unsure of, don't click on any links. Mouse over the link you are supposed to click and see if the address at the bottom of your computer screen has anything you would not expect added to the URL. Most fake addresses have some extra letters or numbers before or after the domain name.
Many times your spam filter does not catch these fakes and they do land in your In box. No genuine emails from these sites normally comes with an attachment, so beware anything with an attachment. If anything looks different about the email, don't click on any links. Go directly to PayPal, LinkedIn, Facebook, or other site and just log in. Any legitimate message will be in your In Box after you log in.