MailGuard has intercepted a sophisticated phishing email campaign masquerading as a FedEx shipping notification. The scam is designed to harvest user credentials and is being distributed via a compromised marketing account on a legitimate email platform—evading most detection engines.
Here’s what the emails look like:
What Makes This Threat Convincing?
This phishing campaign is highly polished. The email includes:
- A convincing FedEx banner and branding.
- A realistic image of a parcel to reinforce legitimacy.
- Email footer scripting that displays the recipient’s own email address—making it appear personalised and official.
- Images that are hosted on a compromised Google account, a tactic often used to bypass detection by traditional filtering solutions.
Who is it really from?
Although the email appears to come from FedEx, it actually originates from a compromised corporate SendGrid account. This abuse of a legitimate marketing platform makes the threat particularly dangerous, as it can easily slip past less sophisticated email filters and deceive even cautious recipients.
The ultimate goal? Your credentials.
Clicking the link in the email redirects users to a fake login page (disguised as a Webmail portal), where they’re prompted to enter their email and password:
Multiple Attacks, Same Infrastructure
MailGuard analysts have confirmed that this phishing infrastructure is being used across multiple campaigns. Another scam—posing as a payroll update—redirects users to the exact same phishing site. This strongly indicates a single, coordinated threat actor behind both attacks.
At the time of writing, only one other vendor is identifying this link as malicious, however MailGuard’s proprietary ML & AI-powered email threat detection stopped it in real time.
Stay Safe - Know the Signs
MailGuard advises all recipients of these emails to delete them immediately without clicking on any links. Responding or providing personal details can lead to identity theft, data breaches, and financial losses.
Avoid emails that:
- Aren’t addressed to you personally.
- Are unexpected and urge immediate action.
- Contain poor grammar or miss crucial identifying details.
- Direct you to a suspicious URL that isn’t associated with the genuine company.
Many businesses turn to MailGuard after a near miss or incident. Don't wait until it's too late.
Reach out to our team for a confidential discussion by emailing expert@mailguard.com.au or calling 1300 30 44 30.
One Email Is All That It Takes
All that it takes to devastate your business is a cleverly worded email message that can steal sensitive user credentials or disrupt your business operations. If scammers can trick one person in your company into clicking on a malicious link or attachment, they can gain access to your data or inflict damage on your business.
For a few dollars per staff member per month, you can protect your business with MailGuard's specialist, 'zero zero-day' email security. Special Ops for when speed matters! Our real-time 'zero zero-day', email threat detection amplifies our client’s intelligence, knowledge, security and defence. Talk to a solution consultant at MailGuard today about securing your company's inboxes.
Stay up-to-date with MailGuard's latest blog posts by subscribing to free updates. Subscribe to weekly updates by clicking on the button below.
