One thing a cybercriminal likes to use is a well-known brand. Vade Secure create a list of the phishers’ favourite brands each quarter. Brands like Microsoft, Amazon, and Netflix regularly make it into the top ten favourite brands for phishing. Phishers also like to mix it up. If a brand gets too tainted by overuse, they turn to another well-known name. FedEx seems to be in favour at the moment and has made it into scam of the week.
This phishing scam is a classic. It uses so many of the classic phishing tactics that it could almost be placed in a hall of fame. That makes it a great learning tool; it uses many of the social engineering tricks that we have grown to know and hate.
Let’s take a closer look at this latest FedEx scam email.
FedEx scam email tricks
When a phishing email is designed, the focus is on enhancing the chance it will successfully trick a user into clicking a link or opening an attachment. By using a named company like FedEx, scammers are able to do two things:
- Make you feel comfortable; a recognisable name puts you more at ease – after all it might just be real.
- Improve the chances of success; the recipient might be a customer of the real brand. Whether you have used FedEx recently or not, you will be more likely to do as the email asks.
The FedEx scam email is written to encourage you to click a link. It states:
“An email containing confidential personal information was sent to you.”
“Click here..,”
If you click any of the links in the FedEx email you will be taken to a spoof site. We used a URL analysis tool to find out if the site was malicious. It was, and it was likely infected with malware ready to infect your computer or network. Our scan results, shown below, point to the likelihood that the malware would infect Windows machines.
How did we know this was a scam email?
Recognising a scam email, especially one that uses the brand logo and colours, can be tricky. It may look real. It may even be well-written, but certain tell-tale signs show this FedEx scam is a phishing classic:
- The ‘from’ email address clearly shows this was not from FedEx.
- There was no salutation in the email. However, it did have my email address in the email itself – phishers are able to auto-populate certain parts of the email body with the email addresses they target.
- Holding the cursor over any of the links in the email shows the link address in the email client. This link was clearly not a legitimate FedEx URL.
- When we checked the email message source* we found that the sender was a legitimate Australian company. This points to the email being sent out to the company’s contacts, en masse, as a result of an infected machine/network.
As FedEx themselves say on their website about fraudulent emails using their brand, “FedEx does not send unsolicited emails requesting information regarding, invoices, account numbers, credit card numbers, passwords or any other type of personal information”.
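The first and third checks in the list above can be run against a saved message source. This is an added example, not part of the original article; the sample message, the `BRAND_DOMAINS` list and the function names are constructed for illustration.

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the domains the real brand sends from and links to.
BRAND_DOMAINS = {"fedex": {"fedex.com"}}

# Constructed sample message source; every address and URL is made up.
SAMPLE = """\
From: FedEx <accounts@supplier.example>
To: user@recipient.example
Subject: Confidential information
Content-Type: text/html; charset="utf-8"

<p>An email containing confidential personal information was sent to you.</p>
<p><a href="http://fedex.com.delivery.example/view">Click here</a></p>
<p><a href="http://files.supplier.example/doc">View document</a></p>
"""

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag: what hovering over a link reveals."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def in_domain(host, allowed):
    """True only for an allowed domain or a subdomain of one (not a lookalike prefix)."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)

def check_message(raw, brand):
    allowed = BRAND_DOMAINS[brand]
    msg = email.message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg["From"]))
    findings = []
    if brand in display.lower() and not in_domain(addr.rpartition("@")[2], allowed):
        findings.append(f"From name claims {brand} but the address is {addr}")
    body = msg.get_body(preferencelist=("html", "plain"))
    links = LinkCollector()
    links.feed(body.get_content() if body else "")
    for href in links.hrefs:
        if not in_domain(urlsplit(href).hostname, allowed):
            findings.append(f"Link does not go to a {brand} domain: {href}")
    return findings
```

Calling `check_message(SAMPLE, "fedex")` returns one finding for the sender address and one for each link, including the lookalike host that merely starts with the brand's domain.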
FedEx is one of many brands that are chosen by scammers to make their life easier. Branding works by building relationships with customers. Phishers use this fact to trick you. Always be wary of clicking links in any email from any brand.
And always:
- Keep your computers patched and up to date
- Run the latest antimalware/antivirus software
This all helps because, if you do click on a phishing link, you will be less likely to become infected with malware. However, cybersecurity is about the whole process and starts with training your users about how to spot phishing tricks.
*You can check the underlying source code of an email message using the message source. Each email client is different, but, for example, in Outlook choose ‘more actions/message source’. This shows you who sent the email, the IP address, and many other aspects of an email.
Why not help your colleagues stay safe and send them this little reminder? Feel free to edit, copy/paste the advice below:
FedEx Phishing Email Scam
An email which uses the FedEx brand may pop into your inbox. This email says that it has some personal information about you and to access it you need to click on a link.
DO NOT CLICK ANY LINKS IN THIS EMAIL! This is a phishing email and may infect your computer with malware.
Don’t forget to share this with your colleagues and friends and help them stay safe.