![]() ![]() Given the amount of deception and misdirection that it took to get to this point, it's a fair bet that the image was nothing good. Los servicios de transporte de camin parcial UPS Freight (LTL) son ofrecidos por TFI International Inc., sus filiales o divisiones (incluido, sin limitaciones, TForce Freight), que no estn afiliados a United Parcel Service, Inc. Unfortunately, by the time Bleeping Computer was able to repeat the process, the image was no longer available, so we can't be exactly sure what it contained. Conctese o Suscrbase para ver sus envos rastreados recientemente. Needless to say, you should never Enable Content on some random Word, Excel or PowerPoint document downloaded from the internet.īut if you do, a macro in the Word doc downloads a possibly malicious. Microsoft Word will tell you that macros - small scripts that can run in Office files - have been disabled, but the Word file tells you to "Enable Content" to see the text. Open that Word doc, and the text will be so blurry that you won't be able to read it. Here's where this scheme becomes more of a regular phishing/malspam scam, and where it's easiest to avoid. The crook has exploited a cross-site scripting (XSS) flaw in the UPS site to add their own code, which reaches out to another website to fetch and deliver a Word document to the site visitor. Click on either, and you land on a page on the UPS website telling you that "Your download will start shortly." That will display the destination URL at the bottom of your screen.īut in this case, you'll see a real UPS.com web address when you hover over the tracking number or the invoice link. Normally, you can avoid email-based phishing scams by hovering your mouse cursor over the link in the body of the message. However, it wouldn't be that difficult for the sender to "spoof" a legitimate UPS.com email address if they wanted to. The only tip-off that this is bogus is the address of the email sender, which includes "unitedparcelservice" but has a different dot-com name. You are invited to "download and print out the invoice to pick up the package at the UPS Store" or to click the tracking-number link. The deception begins with a convincing-looking email message notifying you that "your package has experienced an exception," defined as "when a package or shipment encounters an unforeseen event." How the phish works - and how to avoid it But it won't be the last time this method is used in phishing and "malspam" (malicious spam) campaigns. Your package shows as delivered but you can’t find it. Contact UPS I Have an Issue With My Package Delivery If you have a lost package or it's damaged, we'll investigate, If we can’t find it, we’ll issue a claim. Track your parcel online at any time: All you have to do is simply enter one or more parcel numbers. ![]() UPS.com has since fixed the particular flaw that permitted the crook to inject malicious code right into the company website, and most of the best antivirus software detects the malicious Word doc. Use our virtual assistant, or find the customer service route best suited for you. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |