Email Scammers

Cyber criminals will never stop finding ways to attack users, and so often, victims are under the misconception that they won’t be attacked because they have antivirus software. It isn’t that simple. While it is imperative that you enable and update your antivirus software, it’s just as important to be mindful of the potential threats that can evade your Internet protection software.

The latest invasion generates emails that appear to come from UPS, FedEx, United States Post Office, and other reputable businesses. Customers are especially at risk because they often do business with these companies and may believe the email to be legitimate. Busy employers and employees may be in a rush and after seeing seemingly legitimate email addresses, may quickly scan the email without taking the time to determine its validity.

From the fraudulent UPS, FedEx, USPS, or DHL-type scammers, the email subject line reads the name of the company, as in, “United Parcel Service Notification” and comes from a similar email address, such as, infojs@ups.com.  The message falsely notifies the recipient that there has been a parcel sent to their home address and attempts to have the user click an attachment called UPSnotify.rar in order to obtain the tracking number. UPSnotify.rar contains a file called UPSnotify.exe, which is a Trojan downloader that downloads and installs malware on the user’s computer. Gbot backdoor and a variant of W32.Pilleuz are two of the attacks associated with this malware. The recently distributed emails appear legitimate by incorporating company brands, colors, or other legal disclaimers.

Other examples of this malware practice involve fraudulent airline emails. For example, fake Delta Airlines emails were recently released in which the user receives a confirmation of airline ticket purchase including a booking number and requests the user print the attached passenger itinerary receipt.  The attachment, when clicked, installs a data-stealing Trojan that grabs sensitive personal information like user IDs and passwords.

Also, be aware of fraudulent banking, mortgage, credit, and brokerage emails. One example, which falsely claims to be from Chase Bank, warns customers that they have had recent activity on their account, which has resulted in their account being locked until the user clicks the provided link. When the link is clicked, the user is asked for personal login information which when inputted is transmitted to the scammer for their use. Some scammers are going one step further by texting warnings to users with clickable links in order to obtain financial information. Chase Bank has issued statements reminding users that they will NEVER provide a link in an email to users. What they will recommend is for the user to type the web address into their address bar and log on directly to the website to determine if there have been any problems with their account. In addition, Chase will not ask for a PIN or password via email, text, or over the phone. These recommendations by Chase are the standard practice of many reputable companies.

The FBI is aware of and working hard to combat these scammers and requests any potential e-scams be reported to Internet Crime Complaint Center or forward unsolicited email offers and spam to the Federal Trade Commission at spam@uce.gov.