June 9, 2011 at 7:03 PM ET
Windows users may be seeing emails in their inboxes that appear to be from United Parcel Service, but are not, says Sophos, a Web and software security firm.
"The emails claim to be notification ... that a package is winging its way to your address," says Graham Cluley, Sophos senior technology consultant on the company's blog. "The cybercriminals behind the scheme hope that recipients will be intrigued enough to open the attached file, which can infect their computer with malware," or malicious software.
That software could leave you with a fake anti-virus program warning, telling you to pay up $50 or $100, or whatever the amount is, in order to get your computer's security in order ASAP. Don't buy it — literally or otherwise. It's also considered "scareware," designed to scare recipients into action and opening their wallets.
While such attempts are often marked by emails that include spelling and grammar errors, "Sadly you can't always rely on the bad guys being sloppy with their typing, and some attacks are more professional than others," Cluley says. "The fact is that simple social engineering tricks like this can be enough to trick people who really should know better into making the mistake of opening an unsolicited attachment."
He also notes that "when someone sends you a parcel, they give the delivery company your snail-mail address. They're very unlikely to have also given them your email address! So be suspicious of any emails from delivery companies which arrive unexpectedly."
UPS says problems with fraud and misrepresentation of its service are a "continuing global issue." Because of that, the company posts fraud protection and virus warning information on its site.
A spokesperson for the company said UPS "may send official notification messages, but they rarely include attachments. A suspicious or unexpected email from UPS can be forwarded directly (via email) to: email@example.com
"You should not open attachments and should delete the email after forwarding. UPS continues to work with local and national authorities as well as participate in a cyberspace fraud task force. It's a continuing challenge."
Among the ways to tell if a UPS email is fraudulent, the company says: