Today is Cyber Monday, the first Monday after Thanksgiving, and a day devoted to giving customers Black Friday-like deals through online shopping.

Cyber Monday sales can mean big savings for shoppers and massive profits for scammers, Cloudmark researcher Angela Knox wrote in a blog Monday morning alerting shoppers of a cybercampaign [1] designed to prey on customers worried about timely delivery of their purchases.

The “Package Not Delivered [2]” scam sends customers an email that looks so legit it’s scary.

The email, complete with a UPS banner, logo, and copyright notice at the bottom, reads, “Dear Customer, We were not able to delivery the post package.” Clicking a link in the email that says “Track Your Shipment Now!” directs customers to infected sites or downloads zip files containing malware.

The “from” address uses a legitimate UPS address or uses one that at a glance, looks real. The images in the email are copied from actual UPS emails and some links in the email may actually go to the UPS site.

"We’ve seen a number of variants in this campaign (some with attachments, some with no attachments and bad links), all of them personalized to the recipient, and sent from an ever-changing list of fake UPS employees or the generic ‘UPS Customer Services’," Knox wrote.

Around the first of November, spammers began testing the campaign for effectiveness, according to Cloudmark data. In a week's time, the number of reports spiked as spammers learned which variants of the email worked and scrapped the ones that didn't.

Fraud on the internet is a continuing global issue for the shipping industry, UPS spokeperson Susan Rosenberg told Security Management by phone. Package tracking scams [3] have been a weapon of choice for malware attacks since as far back as 2008.

“Fraud takes many forms: Online, email, the telephone, even people sending fraudulent checks or money orders through UPS, so we monitor the Internet regularly for unauthorized use of our brand or our marketing.” She added, “UPS may send official notices on occasion, but they rarely contain any kind of attachment.”

An alert on the UPS Web site warns of two scams circulating using the subject lines, "United Parcel Service Notification" and "Your Package Has Arrived!"

"Neither of these are legitimate UPS communications, and opening or clicking on the included attachment may result in the installation of malware onto your computer,” the alert says.

I actually received one of these emails last week. Gmail’s spam filter was able to catch the email before it went to my inbox, but the email was convincing enough that I did a quick Google search to see if the sender’s address was legit.

Knox says instead of clicking on embedded links in an email, shoppers should go directly to the shipping site to check tracking numbers. And real UPS notifications usually contain some additional details such as the full shipping address.

"You can detect the deceptive link by hovering your cursor over the link without clicking it. The actual destination of the link will display in a pop-up or in the lower left of your status bar, or other location in your email client. If the actual destination isn’t UPS.com, that is a reason to be suspicious," Knox said by email.

"Also, it’s a really good idea to be running the latest version of your browser software to minimize the chance that the malware can exploit a known vulnerability in the browser you’re running."

If customers are suspicious of an email, UPS asks that they forward the email to fraud@ups.com [4] or send a screenshot. 

photo by Jeremy Vandel/flickr [5]

Thumbnail: