Sophos researchers are warning of a spam campaign that asks recipients to click on a link in order to update their UPS accounts.
"The link ... leads to a compromised website in the Seychelles," writes Sophos' Chester Wisniewski. "It appears the attackers have exploited a vulnerability in the Joomla CMS installed on the host."
"It is unlikely the phishers are really trying to access your UPS account, but rather are counting on the fact that most users reuse their usernames and passwords for multiple sites," Wisniewski writes.
Go to "UPS phishing email wants your shipping credentials" to read the details.
For regular security news updates, follow eSecurityPlanet on Twitter: @eSecurityP.