Scammers Deliver Malware Using Fake FedEx Message

FedEx customers are the latest targets of phishing by cyber criminals. Comodo Threat Research discovered an email message making its way around with a malicious document claiming to be from the package delivery company. If the included attachment is opened, malware is delivered to your computer instead of a package to your door.

It isn't the first time FedEx and UPS have been used to deliver malware. The ICE trojan appeared a while back using a similar tactic. However, FedEx wrote in a statement that it does not send unsolicited email messages to customers requesting package details, account numbers, invoice information, passwords, or personal information. It’s good practice not to open attachments in any email messages unless you are without a doubt certain they are not malicious.

In this scheme, the email is targeting both English and Italian speaking customers. Apparently great care has been put in place to ensure the phishing attempts are difficult to spot. The logos and coloring appear to be very well done, but there do appear to be some syntax errors in the written message. Always watch for clues such as these to identify if phishing may be in play. Also for this case, the message states a package is to be delivered but the recipient was not home. It asks for the attachment to be printed and taken to the FedEx location to retrieve it.

Rather than click on any attachments or links, go directly to your FedEx account or contact the company via phone to find out if there is indeed a package scheduled to be delivered to you.

Fortunately, this malware appears not to contain ransomware, but it is designed to corrupt computers. So while you’re ensuring all your anti-malware and other software is updated, make a backup of your important files too. This is a great way to avoid stress should something unwanted get delivered to your systems.

© Copyright 2016 Stickley on Security