It’s that time again! December is here and with it brings the holiday season, cooler weather and of course, seasonal spam and phishing campaigns. 2016 hasn’t proven to deviate from the normal trend as various amounts of spam traffic has been spotted recently looking to partake in the festivities. One such campaign is the newest UPS shipping notification phishing scam seen earlier last week. There’s nothing unique about this email blast, however its worth mentioning due to the long tradition of December being a peak period for package shipping worldwide.
In the message shown in the screenshot below, spammers attempt to trick recipients with a fake UPS shipping notification email. You can see that they’ve not only spoofed the sender’s address, but the web link provided in the message body as well. It should be noted that the exploited link redirects the recipient to a private web server which attempts to deliver a malware payload. Over 200 samples from this email blast were analyzed and various domains and server IPs have been utilized throughout the campaign. The content of the messages themselves on the other hand seems to be relatively consistent across the board.
As we approach the holiday season, it is imperative that end users be extra vigilant when receiving suspicious emails. As noted earlier, it is quite common for these types of campaigns to be spotted in the wild around this time of the year. Those expecting packages from friends and loved ones are more likely to succumb to this type of fraud, however without proper security awareness training anyone can become a victim.