At MX Lab, http://www.mxlab.eu, we usually intercept emails about a fake UPS tracking or delivery issue that have viruses and trojans attached, but today we intercepted some phishing emails regarding “UPS parcel”.
The email is sent from the spoofed address “United Parcel Service <email@example.com>”, carries the subject “UPS: Tracking Number Notification” and has the following body:
Your Parcel has been returned to the UPS office nearest to you.
The reason for the return is as a result of incorrect delivery address information.
Kindly click on the below link to update us with your Mobile Number and in less than (42 hours) an agent will contact you on phone to correct your delivery address to enable delivery of parcel.
To update us with your Mobile Number, please Click Here and enter the below tracking number of Parcel.
Tracking # ( 1Z9575R2P297341747 )
Note: Ensure you enter your correct email information and Mobile Number to enable us reach you on phone.
UPS Logistic Service.
Copyright © 1994-2012 United Parcel Service of America, Inc. All rights reserved
The first URL, hxxp://www.simonkagyorgy.hu/wp-content/uploads/2012/02/txt.htm, is used to redirect to hxxp://www.sarperkara.com/wp-includes/images/crystal/www.ups.com/one-to-one/, where the phishing begins with what appears to be a genuine UPS tracking page.
After you fill in the tracking details, the next screens ask for your email address, the password of your UPS account and your phone number.
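The two URLs above share traits a mail or proxy filter can test for: a page served from a WordPress asset directory, and the brand hostname used as a path segment on an unrelated host. The following is an added example, not MX Lab's own tooling; the function names, the reason labels and the one-entry brand list are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: brands to protect; extend the tuple for your own environment.
BRAND_DOMAINS = ("ups.com",)
# WordPress directories that normally hold media and core assets, not landing pages.
WP_DIRS = ("/wp-content/uploads/", "/wp-includes/")
# Sample input: the two defanged URLs quoted in this post.
SAMPLES = (
    "hxxp://www.simonkagyorgy.hu/wp-content/uploads/2012/02/txt.htm",
    "hxxp://www.sarperkara.com/wp-includes/images/crystal/www.ups.com/one-to-one/",
)


def refang(url):
    """Restore a defanged scheme (hxxp, hxxps) so the URL can be parsed; nothing is fetched."""
    return re.sub(r"^hxxp", "http", url.strip(), flags=re.IGNORECASE)


def host_is_brand(host, brand):
    """True when host is the brand domain itself or one of its subdomains."""
    host = host.lower().rstrip(".")
    return host == brand or host.endswith("." + brand)


def analyze(url):
    """Return a sorted list of reasons the URL matches the lure pattern in this post."""
    parts = urlsplit(refang(url))
    host = parts.hostname or ""
    path = parts.path.lower()
    on_brand_host = any(host_is_brand(host, b) for b in BRAND_DOMAINS)
    reasons = set()
    for brand in BRAND_DOMAINS:
        # Brand hostname shows up as a path segment while the real host is unrelated.
        in_path = re.search(r"(^|[/.])" + re.escape(brand) + r"(/|$)", path)
        if in_path and not host_is_brand(host, brand):
            reasons.add("brand-in-path:" + brand)
    for wp_dir in WP_DIRS:
        # An HTML page or directory index under a WordPress asset directory.
        if wp_dir in path and not on_brand_host and path.endswith((".htm", ".html", "/")):
            reasons.add("page-in-wp-dir:" + wp_dir.strip("/"))
    return sorted(reasons)


if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", analyze(sample))
```

Either reason on its own is only a signal worth scoring, since legitimate WordPress sites do occasionally serve HTML from their upload directory.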