Detected by MailGuard, the phishing email is designed to look like a FedEx shipment notification.
It addresses the recipient by name and is sent from ‘email@example.com’. While it’s a plausible-looking address, the real FedEx sending domain doesn’t have a hyphen. A link in the email, called ‘Track parcel’, directs the recipient to a webpage hosted on Dropbox.
That page tells users they must sign in to view the package, and then redirects them to a fake Office 365 phishing page.
Those who hand over their user name and password at the fake page are then directed to the real OneDrive home page.
FedEx warns: Be on alert for scams
The delivery company says similar phishing emails contain the subject lines “Shipping Conformation,” “Verify Info”, “Some important information is missing” and “Please fulfil the documents attached to verify your identity.”
Some of those variants have been known to contain viruses or other malware.
“FedEx does not send unsolicited emails to customers requesting information regarding packages, invoices, account numbers, passwords or personal information,” FedEx advises.
“If you receive a message matching this description below, do not open the email or click on the attachment. Delete the email immediately or forward it to firstname.lastname@example.org.”
The danger of falling for a phishing scam
As many people – dangerously – use the same log-in and password information across many internet sites, victims who provide their email account details to scammers may inadvertently hand over the keys to their bank accounts and other personal information.
Aside from losing access to your email account, you could soon discover other accounts have been infiltrated.
The top tell-tale signs of phishing scams
- A sense of urgency in the email
- Bad grammar, poor spelling, misuse of punctuation
- Requests to verify email account information
- Illegitimate links (hover over them and you can tell if the link matches the purported destination)
- Generic greetings such as ‘Hello sir’
- Obscure sending addresses, or the use of a hyphen in the name to trick recipients
- Distorted logos/poor quality graphics
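Two of these signs, the hyphenated sending domain and a link whose real destination differs from what it claims, can be checked automatically. The Python sketch below is an added example, not MailGuard's detection logic; the domains, sender and HTML in it are constructed stand-ins for the brand and the email described above.

```python
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"shipco.example"}  # constructed stand-in for the brand's real domain

def _belongs(host, domain):
    return host == domain or host.endswith("." + domain)

def sender_findings(from_header, trusted=TRUSTED):
    """Flag a sender domain that matches a trusted one only once hyphens are dropped."""
    host = parseaddr(from_header)[1].rpartition("@")[2].lower()
    if any(_belongs(host, d) for d in trusted):
        return []
    if any(_belongs(host.replace("-", ""), d) for d in trusted):
        return [f"lookalike sender domain: {host}"]
    return [f"sender domain not trusted: {host}"]

class _Links(HTMLParser):
    """Collect (visible text, href) for every anchor in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((" ".join("".join(self._text).split()), self._href))
            self._href = None

def link_findings(html_body, trusted=TRUSTED):
    """Flag anchors whose real destination is outside the brand's domains."""
    parser = _Links()
    parser.feed(html_body)
    parser.close()
    out = []
    for text, href in parser.links:
        host = (urlsplit(href).hostname or "").lower()
        if not any(_belongs(host, d) for d in trusted):
            out.append(f"link '{text}' goes to {host or href}")
    return out

# Constructed sample modelled on the email described above
SAMPLE_FROM = "ShipCo Tracking <tracking@ship-co.example>"
SAMPLE_HTML = '<p>Hello Alex,</p><a href="https://files.filehost.example/s/x1">Track parcel</a>'
```
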
For a few dollars per staff member per month, add MailGuard's cloud-based email and web filtering solution to your business security. You’ll significantly reduce the risk of new variants of malicious email entering your network.