AARP's Fraud Resource Center can help protect your digital identity! Learn more.
by Sid Kirchheimer, AARP Bulletin, July 27, 2009
Don’t blame the messenger: Incoming e-mails purporting to be from FedEx, UPS or DHL aren’t really from the courier services. But they intend to deliver trouble.
In one fast-growing scheme, these e-mails say there’s a package for you that cannot be delivered, with instructions to click on a link for more information or to print a copy of the delivery order for personal retrieval.
Clicking that link downloads any of a number of malicious computer infections. At the very least, some slow your computer’s performance and trigger phony security alerts, followed by repeated pop-up warnings to purchase fake antivirus protection—known as “scareware.” Some viruses use your computer to send spam to others. Others are even more dangerous, unleashing “keystroke loggers” that can allow the hacker to capture your passwords and online banking and credit card information.
Targeting delivery companies
Since this scam first gained notice last summer, “it has become one of the most commonly encountered disguises used by cybercriminals hell-bent on distributing malware,” says Graham Cluley of the IT security firm Sophos, who writes a blog on online threats.
This scam isn’t limited to delivery companies. Similar e-mails have been sent under such guises as confirming or sending invoices for airline tickets or linking victims to websites promising information about parking violations.
But delivery services make ideal targets because “people do receive parcels,” Cluley says, which accounts for the eightfold increase in these dangerous e-mails over the last nine or 10 months. “FedEx, UPS and DHL are pretty much evenly targeted.”
In reality, it’s unlikely that the bona fide courier would even have your e-mail address. UPS officials say that the company “may send official notifications on occasion, but they rarely include attachments.” Crooks, however, buy the e-mail addresses of their intended victims or collect them when they get responses from other spamming attempts.
Other ruses falsely using the names of these well-known couriers involve e-mails—and to a lesser extent phone calls—claiming you have a package or check for a prize, but you must pay for shipping charges or taxes on these via a wired payment or credit card. In one recent case, a woman in Oregon lost $17,000 after receiving a phony FedEx e-mail saying that that sum was needed to cover taxes and paperwork for the $500,000 jackpot she had won.
Telephone messages left by scammers often provide an overseas number to call back, trapping victims into paying outrageous long-distance charges—on top of anything paid for alleged delivery fees.
The bottom line: Be suspicious of any e-mail or phone call from a delivery service. If you receive an e-mail, do not click on any attachments or links; instead, forward it to FedEx at email@example.com, UPS at firstname.lastname@example.org or DHL via its website.
You can also notify the FBI’s Internet Crime Complaint Center.
To detect and remove viruses, scan your computer at least weekly with updated antivirus software that you purchase. If you’re shopping around, consider buying a “security suite,” such as the newer protection programs from McAfee and Norton that some experts say are better at remedying malicious spyware.
To learn more about online security, visit the National Cyber Security Alliance or the federal government’s OnGuard Online.
Sid Kirchheimer is the author of “Scam-Proof Your Life” (AARP books/Sterling).
Please leave your comment below.
You must be logged in to leave a comment.
Get tips and resources to protect yourself from fraud and see the latest scam alerts in your state.
Members save 15% all day, every day at participating locations.
Exclusive program for members from The Hartford.
AARP members receive exclusive member benefits & affect social change.
You are leaving AARP.org and going to the website of our trusted provider. The provider’s terms, conditions and policies apply. Please return to AARP.org to learn more about other benefits.
Your email address is now confirmed.
Manage your email preferences and tell us which topics interest you so that we can prioritize the information you receive.
Explore all that AARP has to offer.
In the next 24 hours, you will receive an email to confirm your subscription to receive emails
related to AARP volunteering. Once you confirm that subscription, you will regularly
receive communications related to AARP volunteering. In the meantime, please feel free
to search for ways to make a difference in your community at