This means, warned Websense yesterday, “that many people are eagerly waiting for their shipping notifications, to learn when the phone will arrive. I'm one of the people who pre-ordered an iPhone 5, and I'm still waiting for my delivery notification.” iPhone orders will be delivered by UPS. “So when I received a UPS notification email today, I obviously expected it to be about my iPhone. Turns out, it wasn’t.”
Three to four weeks is precisely the sort of time frame sought by cybercriminals, and they have not been slow. The professional-looking email, complete with UPS logo and few of the semantic, grammar or spelling errors often found in phishing emails, claims that the recipient’s delivery address is wrong. “Please print out the invoice copy attached and collect the package at our department.” It’s all very convincing and plausible.
But the mail contains an attached HTML page rather than the invoice – and the HTML page says, “Please wait a moment. You will be forwarded...” What it doesn’t say is that the user is forwarded to a Blackhole Exploit Kit host located in Russia, which Websense is confident will attempt to deliver financial malware.
The Websense Cloud Email Security service has already intercepted and blocked more than 45,000 similar emails (by the time you read this, there will undoubtedly be many more). “UPS/FedEx lures are not new,” warns Websense, “but in times like this – when people are eagerly waiting for an email of this type – the risk is great that recipients will have their guards down and will run the attached file.” Its advice is simple: “be extra careful if you're waiting for a delivery notification.”
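A mail filter can triage the pattern described above, an attached HTML page that forwards the reader on its own, by parsing each HTML attachment for automatic redirects. The sketch below is an added example, not Websense's detection logic; the two redirect styles it looks for (meta refresh and script `location` changes), the function names and the sample message with its placeholder hosts are assumptions.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser

# Assumed redirect styles: the article does not say which one the lure used.
JS_REDIRECT = re.compile(r"location(?:\.href)?\s*=\s*['\"]([^'\"]+)"
                         r"|location\.(?:replace|assign)\(\s*['\"]([^'\"]+)", re.I)
META_URL = re.compile(r"url\s*=\s*['\"]?([^'\";\s]+)", re.I)

class RedirectFinder(HTMLParser):
    """Collect targets of meta-refresh tags and script location changes."""
    def __init__(self):
        super().__init__()
        self.targets, self.in_script = [], False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        self.in_script = tag == "script"
        if tag == "meta" and (attrs.get("http-equiv") or "").lower() == "refresh":
            self.targets += META_URL.findall(attrs.get("content") or "")

    def handle_endtag(self, tag):
        self.in_script = False

    def handle_data(self, data):
        if self.in_script:
            self.targets += [a or b for a, b in JS_REDIRECT.findall(data)]

def redirecting_html_attachments(raw: bytes) -> dict:
    """Map attachment filename -> redirect targets for auto-forwarding HTML."""
    hits = {}
    for part in message_from_bytes(raw, policy=policy.default).iter_attachments():
        name = part.get_filename() or "(unnamed)"
        if part.get_content_type() == "text/html" or name.lower().endswith((".htm", ".html")):
            finder = RedirectFinder()
            finder.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
            if finder.targets:
                hits[name] = finder.targets
    return hits

def build_sample() -> bytes:
    """Constructed message imitating the lure's structure (hosts are placeholders)."""
    msg = EmailMessage()
    msg.set_content("Please print out the invoice copy attached.")
    page = ('<html><head><meta http-equiv="refresh" content="0; url=http://a.example/x">'
            "</head><body>Please wait a moment. You will be forwarded..."
            '<script>window.location = "http://b.example/y";</script></body></html>')
    msg.add_attachment(page, subtype="html", filename="invoice_copy.html")
    return msg.as_bytes()
```

A hit is a reason to quarantine or inspect the message, not proof of malice, since legitimate HTML attachments occasionally redirect too.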