PHISHING: UPS Delivery Notification Example


Nearly everyday we see phishing attempts and in order to spread awareness from time to time we will share some examples with our blog readers. Here's the never ending UPS delivery Notification messages as an example.

As you can see in the message there is one dead giveaway right away, the domain intruck[.]com which is claiming to be United Parcel Service in the received message.

Looking at the link the click here part of the email reveals the domain https://capitalsolar.in.net/js/2w/?mes1=[REDACTED].

So as you can see there are 2 dead giveaways right there. Digging into the source of the message also reveals the servers that sent the message which we have seen before (105.0.5[.]93).

While these messages look legitimate they serve as gateways to malware infections, farther spamming activity and ransomware.

As always be vigilant and do not click on links unless you are expecting the email and you verify that the links point to legitimate services.

IOCS:

intruck[.]com

capitalsolar.in[.]net

105.0.5[.]93 - A repeat offender

#PhishingActivityReport

9 views

Contact: (800)447-2150 Ext. 1        To contact Jigsaw simply send a message in our chat window!

  • Facebook - Black Circle
  • Twitter - Black Circle

© 2017-2018 Jigsaw Security Enterprise Inc.

Jigsaw Security Enterprise Inc is a SDVOSB - Service Connected Disabled Veteran Owned Small Business Jigsaw Security is an operator of WIMAX networks and is operating under license WQVC235 as a common carrier, non-common carrier and private communications operator. Jigsaw Security operates cable and satellite services. Courses may be provided by a third party authorized training partner in some cases. Some training is only available for cleared and US Citizens. Courses approved by the North Carolina Department of Public Safety Private Protective Services Board for licensing and CE credits. JPM program insurance is provided by an authorized Jigsaw Security Insurance Partner and is not underwritten by Jigsaw Security. For insurance information please contact our JPM program manager. Jigsaw Security operates a network through our NCBroadband brand.