I fell for an email hoax

an attack happened here by Andy_Gardner

The hoax email sounded so plausible

By Spencer D Gear PhD

I have been warning people on this homepage since 2013 about the damage done by hoax email and misinformation on the Internet.

However, on 7 January 2016 I was a sucker to such an email myself. When I woke up to its content and origin, I deleted it immediately. This is how it happened.

Hoax email content

I received an email with a heading that incorporated UPS [United Parcel Service]. Since I have lived in the USA, I knew of the extensive delivery of packages by UPS. The email stated that a UPS package was unable to be delivered to me and that I should pick it up at my local UPS agency. There was an attachment that gave the details.

What caused me to query such a statement in my mind was that I live in Australia and do not know of a local UPS agency. UPS is a USA based agency that has a worldwide distribution network.

What made it sound plausible was that it gave a delivery number and there was an attachment that I attempted to open. It was then that I realised this was a hoax with a nasty intent. My virus protector kicked in with a scan.

I immediately looked at the senderโ€™s email address and it had no connection to UPS.

Confirmation of evil intent

I went searching to find if this kind of hoax had been experienced by others. Snopes.com confirmed the fraudulent nature of this email:

#We have become aware there is a fraudulent email being sent that says it is coming from UPS and leads the reader to believe that a UPS shipment could not be delivered. The reader is advised to open an attachment reportedly containing a waybill for the shipment to be picked up.
This email attachment contains a virus. We recommend that you do not open the attachment, but delete the email immediately.
UPS may send official notification messages on occasion, but they rarely include attachments. If you receive a notification message that includes an attachment and are in doubt about its authenticity, please contact [email protected].
Please note that UPS takes its customer relationships very seriously, but cannot take responsibility for the unauthorized actions of third parties (snopes.com 1995-2016, โ€˜Package Delivery Virusโ€™).

address book

The UPS offers this warning on its website, โ€˜New Fraudulent Email Circulatingโ€™. It stated:

View Examples of Fraudulent Emails

Please be advised that UPS does not request payments, personal information, financial information, account numbers, IDs, passwords, or copies of invoices in an unsolicited manner through email, mail, phone, or fax or specifically in exchange for the transportation of goods or services. UPS accepts no responsibility for any costs or charges incurred as a result of fraudulent activity.

In its preventive work to fight fraud, UPS recommended this approach:

Help Us Prevent Email Fraud

errors

If you suspect someone is fraudulently claiming to be UPS, let us know. Email us at [email protected]. Reporting fake or bogus emails helps us in our fight against criminal activity.
UPS is a global company with one of the most recognized and admired brands in the world. Occasionally, fraudsters take advantage of UPS’s reputation by using our name or services to target your personal and sensitive business information. By creating tempting downloads and attractive websites, fraudsters can lure you to links that prompt you to enter sensitive information or download malware — malicious software such as viruses or spyware. While UPS is not liable for the actions of third parties, we are working to prevent and detect fraud where possible (Fight Fraud, 1994-2016. United Parcel Service of America Inc).

Unfortunately, I had deleted the email I received before I was able to report it to UPS. In fact, it was only after deletion that I investigated what UPS recommended that I should do.

Criteria for identifying email and Internet hoaxes

The Australian government has online help with its article, โ€˜Recognise scam or hoax emails and websitesโ€™ (Department of Communications and the Arts).

WikiHow has a valuable article on How to Spot an Email Hoax or Phishing Scam. This article deals with:

# Understanding Phishing

#ย Spotting the Hoax

#ย When Not to Reply (Most Times)

#ย Hoax-Proofing Yourself and Your Family Questions and Answers

Alert

On 7 January 2016, I learned these criteria from the mistakes I made:

1. If the wording of the heading of the email sounds strange, it probably is and warning bells should be ringing not to open it.

2. I should have recognised this as Iโ€™ve had nothing to do with UPS and knew of nobody who was sending me a parcel via UPS. My three overseas books from the UK had arrived in the last few days and I knew they were coming through Australia Post.

3. Then look at the email address of the sender. Is it an email with which you are unfamiliar or is it a variation of a familiar email, but with some contamination?

4. If so, do not open the email but go searching the hoax sites (see below), using the exact wording of your email content, to investigate if this is a phishing method that has been used previously and is being used on you.

5. If possible, advise the reputable source that may be associated with the hoax email so that it knows of this contamination of its product.

Beware of those email fraudsters

Many people are falling victim to circulating Internet and email hoaxes about various subjects. I got caught myself yesterday. We are all vulnerable to these con men and women on the Internet who want our money and to ruin our computers and reputations through spreading viruses.

Many of these hoaxes can be checked out at various sites on the Internet that investigate possible hoax emails and Internet smears. These are the ones I use regularly:

#Snopes.com;

#Urban Legends;

#Hoax-Slayer; and

#TruthorFiction.com.

 

Copyright ยฉ 2016 Spencer D. Gear. This document last updated at Date: 8 January 2016.