Phishing attack delivered via fraudulent FedEx notification

Posted by Akankasha Dewan on 08 November 2018 14:05:54 AEDT

Cybercriminals continue to leverage popular trends like online shopping to prey on consumers and trick them into revealing confidential data.

MailGuard intercepted a fraudulent shipment delivery notification purporting to be from FedEx on Wednesday afternoon AEST.  

Having incorporated the logo and branding of FedEx into the email, cybercriminals sent a legitimate-looking email to inboxes. The emails were titled ‘Package’ and with a display name ‘noreplytrackingupdate’.

MailGuard found the emails were actually sent from one of 5 compromised accounts belonging to a US University.

The body of the email advises recipients that their shipment is scheduled for delivery. A link is provided to "Sign and reconfirm delivery’ address.

Fedex Scam

Unsuspecting users who click on the link are taken to a sign-in page for FedEx using their email address. If they attempt to sign-in, they are informed that the password they have entered is incorrect.

fedex sign in scam

This is a phishing website, that is designed to steal users’ email credentials.

Another parcel delivery scam?

Well-known companies such as Australia Post, FedEx and DHL are popular targets for scammers to impersonate because they are trusted names with large customer bases.

In this case, cybercriminals are preying on the curiosity of FedEx customers who may think a ‘shipment’ is on its way. This motivates them to enter personal details without hesitating.

Fake delivery email scams are a favourite of cybercriminals, particularly around busy shopping periods such as Christmas and the Boxing Day sales. Most recently, MailGuard reported a similar DHL scam on October 26th this year.

What to look out for

As a precaution, avoid clicking links in emails that:

  • Are not addressed to you by name, have poor English or omit personal details that a legitimate sender would include (e.g. – tracking ID).
  • Are from businesses you’re not expecting to hear from.
  • Ask you to download any files, especially with an .exe file extension.
  • Take you to a landing page or website that does not have the legitimate URL of the company the email is purporting to be sent from.

For a few dollars per staff member per month, add MailGuard's cloud-based email and web filtering solution to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network. Talk to an expert at MailGuard today about your company's cybersecurity needs:

Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update, or follow us on Twitter @MailGuard.

Keep Informed with Weekly Updates


^ Back to Top

Topics: Phishing email scam Cybersecurity cybercrime

Back to Blog


Something Powerful

Tell The Reader More

The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.


  • Bullets are great
  • For spelling out benefits and
  • Turning visitors into leads.

Recent Posts

Posts by Topic

see all