Fraudulent emails that appear to be sent by UPS are very common; I come across some in my spam folder every week at least. They generally include infected attachments posing as documents that victims must download to verify the details of an alleged shipment.
These attacks are simple to detect, but users who are unaware of this kind of trickery, or who happen to be expecting a UPS package, can easily fall into the trap.
Fake UPS website:
Something I had not seen until now is a fake UPS (phishing) site that copies the design of the real page to trick visitors into downloading a plugin supposedly missing from the browser. The case was detected a few days ago by researcher Julien Sobrier of Zscaler.
If the user believed that everything was real, he ended up installing a Trojan, JavaJREInstaller.exe, which at the time it was discovered was detected by only 4 antivirus engines by means of signatures (VT 4/43).
Simulating a missing plugin to infect users is not new, but as we can see, cyber criminals are always changing their techniques to catch us off guard. Although Zscaler does not mention it, this fake website was surely being spread by email as spam, with malicious links instead of infected attachments.
Common sense with plugins: Before installing a plugin in your browser, make sure you are on a trustworthy or legitimate site. Also ask yourself whether you really need it and why the site is offering it to you. If you have doubts, it is best not to accept it, since you could be downloading malware. In any case, it is never a bad idea to consult a help forum such as SpamLoco.
Other examples of tricks with fake plugins:
– Fake extensions spread by Facebook.
– Greetings at the end of the year with fake Flash plugin.
– Fake PornoPlayer that blocks the system.