Cybercriminals continue to leverage popular trends like online shopping to prey on consumers and trick them into revealing confidential data.
MailGuard intercepted a fraudulent shipment delivery notification purporting to be from FedEx on Wednesday afternoon AEST.
Having incorporated the logo and branding of FedEx into the email, cybercriminals sent a legitimate-looking email to inboxes. The emails were titled ‘Package’ and used the display name ‘noreplytrackingupdate’.
MailGuard found the emails were actually sent from one of 5 compromised accounts belonging to a US University.
The body of the email advises recipients that their shipment is scheduled for delivery. A link is provided to ‘Sign and reconfirm delivery’ address.
Unsuspecting users who click on the link are taken to a sign-in page for FedEx using their email address. If they attempt to sign in, they are informed that the password they have entered is incorrect.
This is a phishing website that is designed to steal users’ email credentials.
Another parcel delivery scam?
Well-known companies such as Australia Post, FedEx and DHL are popular targets for scammers to impersonate because they are trusted names with large customer bases.
In this case, cybercriminals are preying on the curiosity of FedEx customers who may think a ‘shipment’ is on its way. This motivates them to enter personal details without hesitating.
Fake delivery email scams are a favourite of cybercriminals, particularly around busy shopping periods such as Christmas and the Boxing Day sales. Most recently, MailGuard reported a similar DHL scam on October 26th this year.
What to look out for
As a precaution, avoid clicking links in emails that:
- Are not addressed to you by name, have poor English or omit personal details that a legitimate sender would include (e.g. tracking ID).
- Are from businesses you’re not expecting to hear from.
- Ask you to download any files, especially with an .exe file extension.
- Take you to a landing page or website that does not have the legitimate URL of the company the email is purporting to be sent from.
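The sender and landing-page checks above can also be automated at the mail gateway. The following is an added example, not MailGuard's code: it flags a message that names a brand but is sent from, or links to, a domain outside that brand's allow-list. The `BRAND_DOMAINS` allow-list, the sender address and the link in the sample are constructed; only the subject and display name come from this report.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: allow-list of domains each brand really uses (fedex.com is FedEx's own site).
BRAND_DOMAINS = {"fedex": {"fedex.com"}}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def on_domain(host, allowed):
    """True only for the domain itself or a real subdomain, not 'fedex.com.evil.example'."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)

def body_text(msg):
    """Decode every text part of the message (plain or HTML) into one string."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def check_message(raw_email):
    """Return findings for brand names used with an off-brand sender or link."""
    msg = message_from_string(raw_email)
    display, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2]
    body = body_text(msg)
    seen = " ".join([display, msg.get("Subject", ""), body]).lower()
    findings = []
    for brand, domains in BRAND_DOMAINS.items():
        if brand not in seen:
            continue
        if not on_domain(sender_host, domains):
            findings.append(f"{brand}: sender domain {sender_host!r} is not the brand's")
        for url in URL_RE.findall(body):
            host = urlsplit(url).hostname
            if not on_domain(host, domains):
                findings.append(f"{brand}: link goes to {host!r}")
    return findings

# Constructed sample modelled on the email described above (placeholder sender and link).
SAMPLE = """\
From: noreplytrackingupdate <student@university.example>
Subject: Package
Content-Type: text/html; charset=utf-8

<p>Your FedEx shipment is scheduled for delivery.</p>
<a href="https://fedex.com.delivery-confirm.example/signin">Sign and reconfirm delivery</a>
"""
```

Calling `check_message(SAMPLE)` returns two findings: one for the university sender domain and one for the look-alike link host, which starts with `fedex.com` but is not a FedEx subdomain.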