A New UPS #Scam Is Making The Rounds… And It Is Somewhat Dangerous If You Fall For It

A reader sent me a scam email that he received which uses courier company UPS as a lure to suck you in. Here’s the email in question:

So unlike the last UPS scam email that I covered here, the threat actor behind this one is trying harder to make it more convincing. Still, the lack of proper punctuation, missing capital letters in sentences, and only marginal grammar make it clear that this is a scam email. And there’s the fact that the logo in the top left says “ips” and not UPS. Plus the email address indicates that it didn’t come from UPS. The net result is that all of this should make you delete this email the second you get it. But the threat actor has an interesting setup if you click “Check Here”, which by the way, you should never, ever do.

You get taken to a website that, if you look in the address bar, isn’t UPS. That’s a red flag. The use of the same colours as UPS is meant to make you more likely to get sucked into this scam. It kind of falls apart with the words at the top: “[1] Reward Pending – Shipping Survey – We Want Your Opinion!”. That suggests to me that they’ve used this website in another scam.
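The two red flags above, a sender address and a link host that don't belong to UPS, can be checked automatically. This is an added example, not something from the original post: the sample message is constructed, the `.example` hosts are placeholders, and the `BRAND_DOMAINS` allowlist is an assumption you would maintain yourself.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: allowlist of domains the brand really uses (ups.com is UPS's own site).
BRAND_DOMAINS = {"ups": {"ups.com"}}

# Constructed sample message, not the email from the post.
SAMPLE = """\
From: "UPS Delivery" <notice@parcel-update.example>
To: reader@example.org
Subject: your package is waiting
Content-Type: text/html

<p>your package could not be delivered</p>
<a href="https://track.parcel-update.example/confirm">Check Here</a>
<a href="https://www.ups.com/track">ups.com</a>
"""

def belongs_to(host, domains):
    """True if host is an allowed domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def brand_mismatches(raw, brand="ups"):
    """List (kind, host) pairs where mail naming the brand points elsewhere."""
    msg = message_from_string(raw)
    allowed = BRAND_DOMAINS[brand]
    display, addr = parseaddr(msg.get("From", ""))
    body = msg.get_payload()
    text = f"{display} {msg.get('Subject', '')} {body}"
    if not re.search(rf"\b{brand}\b", text, re.I):
        return []  # message does not claim to be from the brand
    findings = []
    sender_host = addr.rpartition("@")[2]
    if not belongs_to(sender_host, allowed):
        findings.append(("sender", sender_host))
    for url in re.findall(r'href="([^"]+)"', body, re.I):
        host = urlparse(url).hostname
        if not belongs_to(host, allowed):
            findings.append(("link", host))
    return findings

if __name__ == "__main__":
    for kind, host in brand_mismatches(SAMPLE):
        print(f"{kind} host does not belong to UPS: {host}")
```

The suffix check compares against `.ups.com` rather than `ups.com`, so lookalike hosts that merely contain or end with the brand name are still flagged.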

For giggles, let’s click confirm and see what happens.

Well, it claims that I have to schedule my delivery, and it gives a tracking number that isn’t a UPS tracking number. So I’m going to schedule this mythical delivery.

Apparently I owe some money for customs. The fee that is being quoted is way under what UPS charges for anything customs related, which is another red flag. But I am guessing that the threat actor is expecting you not to know that. Let’s continue down the rabbit hole:

Now this is a sign that this threat actor is really trying as they created this whole menu map to have you select your delivery preferences. That’s clever.

So according to this, I’ll get my mythical package in three days. Let’s see what happens when I enter my delivery information.

Okay… This is a bit weird. I’m not trying to claim my offer. I’m trying to get a package delivered. This underscores that this threat actor has likely recycled parts of this website to pull this scam off. I decided to have a bit of fun with them:

I wonder if the threat actor will understand that the phone number is a song from the 20th century? Anyway, let’s move on.

Ah! So now we know what the endgame is. They want your credit card details. That possibly ties into the previous screen, as having your name and phone number along with possibly your email address would help the threat actors go to town at your expense. Let’s enter some bogus info and see if they do any validity checking in terms of if the card is valid:

And the answer is yes, they do, as this webpage rejected my bogus credit card info. I’ll give this threat actor credit as they tried hard in the right places to pull this scam off, specifically in the area to get your credit card details. That makes this threat actor kind of dangerous.

So what’s my bottom line on this specific scam? Avoid it by deleting the email the moment you get it. Because if you get sucked in, it won’t end well for you.
