Another week, another “failed delivery” malware attack

You may have come into work this morning to find an email in your inbox which claims to be from United Parcel Service of America. Well, if you did receive such a message then you’re far from alone – as we’ve been intercepting many examples as they were spammed around the world.

The emails read as follows:


We were not able to deliver postal package you sent on the 14th of May in time because the recipient's address is not correct. Please print out the invoice copy attached and collect the package at our office.

Sign up to our free newsletter.
Security news, advice, and tips.

Your United Parcel Service of America

Malicious spam attack posing as communication from UPS

Just so you know, the tracking reference number used in the email’s subject line changes each time.

Attached to the email is a file (called in the samples we’ve seen) that contains a malicious Trojan horse which Sophos detects as Troj/Agent-KBE. Launching the file is, obviously, not a good idea if you want to protect your computer from hackers.

The emails have a slightly different subject line each time

If you’re a regular reader of the Clu-blog then this attack won’t be any surprise to you – we’ve seen similar attacks on many occasions taking advantage of the names of shipping companies like UPS, DHL.

What is perhaps alarming is that the hackers still seem to think it’s worthwhile using this trick to bust their way into innocent users’ computers. Shouldn’t we all be wise to this kind of social engineering by now?

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.