Don’t take this survey lurking in your inbox – it’s a scam
January 24, 2021
By Kim Komando
If you receive a confirmation email from UPS, watch out. It could be a trick. Scammers are posing as the United Parcel Service, shooting out fraudulent emails to trick you into clicking malicious links.
If you thought postal service scams were over in 2020, think again. Since the pandemic’s not over, people are still ordering packages more than ever before, which means we see all kinds of new shipping scams. Tap or click to see five of the most recent viral scams.
This newest scam sends you what looks like an official UPS email. You’ll see official titles, logos and colors that make it look authentic. The subject line says, “confirmation email.”
Notice the improper capitalization. That’s the first sign of a scam
When you tap on the subject line, you’re taken to an email that looks like this:
Notice how the body of the email doesn’t match the subject. Although the scam draws you in with the mention of confirmation, the email never mentions what it’s confirming.
There’s a specific reason why. The scammers are manipulating your emotions, trying to make you feel nervous. “Why am I getting a confirmation email?” they want you to wonder. “I didn’t buy anything!”
The tricksters want to throw you off-balance, so you’ll be more susceptible to clicking the link. Whenever you get an email that looks official, always take a deep breath before you proceed. Electronic messages like this email often have malicious hyperlinks leading to malware.
Malware can infect your devices in numerous ways, but one of the most common is through spam emails. Once you click on a malicious link inside a spam email, it’s game over. Your device is infected.
Sometimes that malware can even turn your email address into a malware superspreader. Thankfully, there’s now a simple way to find out. Tap or click here to find out if your email is being used for spam.
Unsure if you’re seeing a malicious email? Always check the sender
Take a look at the email address that reached out to you. There are two crystal clear signs of fraudulence in this fake UPS email. Can you spot them?
Firstly, the email address is a random, seemingly nonsensical combination of letters and numbers. No company would reach out from a sloppy email address like this. They’re dedicated to customer service, so they would use an address you can easily remember.
Secondly, check out the domain. UPS officials would never reach out from a Gmail account. That’s because the service uses its own domain. For example, the email address you’d use to contact UPS about this scam is fraud@ups.com.
Think about it this way: Scammers want to work quickly and cheaply. Creating a whole new domain to masquerade as UPS would be costly. Instead, they’ll use free email services — like AOL, Yahoo or Gmail — to send malicious emails.
There’s another sign of fraudulence that gives away a spam email. Whether or not you recognize it depends on your tech expertise. If you don’t know how email inboxes work, this final giveaway of a malicious email may fly under your radar.
Here’s the tech trick to see if a scam is targeting you
So, you’ve opened an email. You’re not sure if it’s a scam or not. Take a look at the address line: When this person tried to reach you, what email address did they enter?
Take this UPS scam, for example.
First, look at the email address the scammer reached out to: serena@aol.com. The same address pops up in the Cc field, which is used to send a copy of this email to any address of your choice. (Usually, people fill in the Cc field to keep someone in the loop, like if you’re making plans with Person A and want Person B to be in the know.)
There’s just one problem. Somehow, this email wound up in the email inbox for serena.osullivan@komando.com. How could this happen?
There’s only one reason why: The sender used the Bcc field. If you don’t know what that is, here’s a quick refresher.
Sometimes, you want to send a message to a huge group of people. Maybe you don’t want the people who receive the email to see the complete list of recipients. Using the Bcc field, you can send a mass email to dozens of people without letting them see who else is getting it.
When you’re sending out an email, the Bcc and Cc entries pop up underneath the main address, like this:
Now, back to the scam giveaway. You’ve opened a potential scam email and you looked at the email address they used to reach out to you. Maybe it looks legitimate.
Before you decide to trust the email and click the links, double-check the “To” field. Is the field filled with your email address? Or is it a completely different address you don’t have access to?
That means they entered your true address under the Bcc line, which you can’t see. Ask yourself what their motivation could be. If they’re hiding the list of recipients, they’re probably sending this message out to countless people — and scammers are always playing the numbers game.
Want to boost your email know-how? Tap or click here for five essential email tricks you’ll wish you knew sooner.
Moving forward, take these steps
When you see an email with a subject that makes you nervous, that’s a potential sign of manipulation. Scammers play on your emotions to make you vulnerable.
When you get an email from UPS, analyze it before you click any links. Make sure to keep these tips in mind, too:
- UPS does not request financial or personal information. It won’t send out unsolicited emails or calls asking for your account number, ID or password.
- Never click links in an email you’re unsure about. It’s better to be safe than sorry, so take a screenshot of the email and forward it to Fraud@ups.com. They’ll confirm whether the email is legitimate or not.
- Watch out for grammar and spelling errors. A legitimate company like UPS will have the money to hire people with strong writing skills. A scammer has far fewer resources.
- Pay close attention to what the email asks you to do. Does it say there was a security problem with your account? Does it say you need to click a button to log in? That’s a classic phishing technique.
It’s easy to fall for malicious emails when you don’t know what to look for. By taking these steps, you’re one step closer to a safe digital life.
Another great way to stop falling for malicious scams is to stay aware of the latest trends. After all, online criminals are always coming up with new techniques to trick you and snatch your data. Subscribe to Kim’s newsletters, which give you daily updates to make sure you’re up-to-date on the latest scams!
https://www.komando.com/news/ups-phishing-scam/