Tag Archives: virus

Picasa Library Photo Scam

Posted on by
5

Another one. Or two.

Another heads up on a phishing scam. This one comes in the form of an email message from “Picasa Library” or “Picasa Photo” that’s marked Urgent.

Pointing to the button in my email message window (see below) clearly shows that the link doesn’t go to Picasa (a photo sharing site) at all. It’s just another scam — another attempt to get you to go to a site and enter login information or download a virus.

Picasa Email Scam

It was pretty obvious to me that it was a scam, mostly because I don’t use Picasa and certainly don’t have 76 photos on the site. But if you do use Picasa? And had just uploaded a photo? You might be fooled.

Don’t be.

ADP Payroll Invoice Scam

Posted on by
3

Sloppy work, but I’m sure some people will fall for it.

Have you gotten an email message supposedly from payroll@adp.com (but really from someone else)? A brief email with the ADP logo and an invoice.zip file attachment?

Don’t open it.

Although I don’t think opening the message will cause any harm, the attachment is likely some sort of virus — or contains one when opened — and that can’t be a good thing.

Here’s what the message I got looks like. Note the From field and the typo in the bold, underlined text.

ADP Scam

I’ve said it before and I’ll say it again: Don’t open attachments you aren’t expecting, especially from organizations you don’t have some sort of email relationship with. Doing so is just plain stupid.

Coincidentally, I worked for ADP at their corporate headquarters back in the 1980s.

UPS Package Invoice Scam

Posted on by
6

Yet another email scam to be on the lookout for.

UPS ScamToday, I got an email message from UPS Quantum View . On the surface, it looked almost legit. There was the from field, which certainly looked legit and a subject of “UPS Delivery Notification, Tracking Number CDE31400FCA9E1A9.” That didn’t sound right to me — I’ve never had a UPS tracking number that started with the letter “C.”

I first saw it on my iPad, so that’s where I opened the message. When I read the contents, I knew something was wrong. It was a plain text message that said:

You have attached the invoice for your package delivery.

Thank you,
United Parcel Service

*** This is an automatically generated email, please do not reply ***

I’ve never received any communication from UPS that wasn’t in HTML. And I’ve never received one with poor English (note first sentence). And finally, I’ve never received any communication from UPS that included an HTML attachment — this one was named invoiceCDE31400FCA9E1A9.html.

Of course, to verify my suspicion that this is some sort of scam, I had to open the attachment. I wanted to do that on my Mac, but not with a Web browser. Instead, I used a plain text editor, TextWrangler. Inside, I found the usual collection of HTML code that would display UPS-looking text and graphics. But most of the links inside the document were to the domain www7apps-myups.com. A quick Whois lookup revealed that the domain is registered to someone in China.

Not UPS.

Other than a bit of javascript at the end of the message that appears to be some sort of counter, the attachment looked harmless enough. I can only assume that clicking the links within the attachment is what triggers whatever this scam attempts to do.

I can imagine someone more gullible than me getting this email message and wondering what package UPS was telling them about. They open the linked file, see what looks like a legitimate UPS communication, and click the link to learn more about the mystery package. Their computer then becomes infected with some sort of virus or perhaps the page itself attempts to get information that the scammers can use for financial gain. I don’t know. I’m not about to try it. You shouldn’t either — not on a computer that isn’t quarantined for this kind of work.

I’ve said it before and I’ll say it again: Don’t open file attachments you aren’t expecting, especially from people you don’t know. Don’t click links from strangers.

Oh, and if you get one of these, forward it to fraud@ups.com.