High-pressure businesses can be left exposed by scams like this because staff can easily overlook seemingly insignificant features such as the ‘from’ sender address. This simple oversight is what spammers exploit: it only takes a moment of inattention or a lack of vigilance to be infiltrated.
Here is a screenshot of the type of email to watch out for:
As you can see in the email above, the subject of the email is “Delivery Notification, ID 00000290694”, whilst the sender is purported to be ‘Ben Carter’, a mock ‘Operation Manager’ at FedEx.
This variation does not require the recipient to do anything and merely states that the shipping label is attached to the email.
It relies on one of two scenarios to get the recipient to open the attachment:
- Human curiosity to download the notification to find out more information.
- The recipient is awaiting a package and is coincidentally caught out by this scam.
Unless the user has elected to show known file type extensions, this file will appear to be a DOC file, further convincing the recipient that the attachment is legitimate.
In many email scams we have observed, the downloaded malware performs GET requests in an attempt to download and run a ransomware payload, typically CryptoLocker. CryptoLocker encrypts all files on local and mapped drives and displays a message when the user attempts to open a file. The message demands payment of a ransom in exchange for (supposedly) unlocking the files.
FedEx states on its website that it does not send unsolicited email to customers requesting information regarding packages, invoices, account numbers, passwords or personal information.
If you receive a message matching this description, do not open the email or click on the attachment. Delete the email immediately or forward it to firstname.lastname@example.org.
As a precaution, we urge you to delete emails that:
- Are not addressed to you by name, have poor grammar or omit personal details that a legitimate sender would include.
- Are from businesses/individuals you were not expecting to hear from, or you aren't 100% sure of the legitimacy of the source.
- Ask you to download any files, particularly those with an .exe file extension or, in this case, a .zip extension.
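A mail-gateway style check for the disguise described above (a file that appears to be a DOC when known extensions are hidden) and for the .exe/.zip advice in the list. This is an added example, not part of the original article; the extension lists, function names and sample file names are constructed assumptions.

```python
import io
import zipfile
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed extension lists for illustration; tune them to your own mail policy.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".js", ".vbs", ".bat", ".cmd"}
DOCUMENT_EXTS = {".doc", ".docx", ".pdf", ".xls", ".xlsx", ".rtf", ".txt"}

def classify_name(name):
    """Return a reason string if the file name looks risky, else None."""
    suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
    if not suffixes or suffixes[-1] not in EXECUTABLE_EXTS:
        return None
    # With known extensions hidden, "label.doc.exe" is displayed as "label.doc".
    if len(suffixes) >= 2 and suffixes[-2] in DOCUMENT_EXTS:
        return "executable disguised as document"
    return "executable"

def scan_message(msg):
    """Return (attachment, zip_member_or_None, reason) for each risky file."""
    findings = []
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        names = [(None, fname)]
        if fname.lower().endswith(".zip"):
            try:
                with zipfile.ZipFile(io.BytesIO(part.get_content())) as zf:
                    names += [(m, m) for m in zf.namelist()]
            except zipfile.BadZipFile:
                findings.append((fname, None, "unreadable zip"))
        for member, candidate in names:
            reason = classify_name(candidate)
            if reason:
                findings.append((fname, member, reason))
    return findings

def build_sample():
    """Constructed sample: zip attachment holding harmless placeholder files."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Label_00000290694.doc.exe", b"placeholder, not a program")
        zf.writestr("readme.txt", b"constructed test data")
    msg = EmailMessage()
    msg["Subject"] = "Delivery Notification, ID 00000290694"
    msg.set_content("Your shipping label is attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="Label_00000290694.zip")
    return msg
```

Calling `scan_message(build_sample())` reports the disguised member inside the zip and leaves `readme.txt` unflagged.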
Educating staff and employing cloud-based email and web filtering is your first and best line of defence. Complement this multilayered defence with on-premises antivirus, anti-malware and anti-spyware solutions. This will go a long way towards mitigating the risk from a wide range of email scams.
Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update or following us on social media.