With the holiday season upon us, chances are you've ordered a few things online and are expecting a package delivery or two.
So if you were to get an email from Fed Ex asking for information or informing you of a problem with one of your deliveries, you might not doubt its authenticity. Unfortunately, that would be a mistake.
Hackers and scammers are well aware that more consumers are expecting deliveries, so the odds are much higher that their spam emails, disguised as messages from a delivery company, will snag a victim.
This week we received an email with the subject line “Fed Ex delivery problems notification.” But right from the start the message was suspect.
Even though it bore the Fed Ex logo, the message sender was “Gracie,” and the email was not from a Fed Ex email account. It was clear a hacker had gained access to Gracie's account or computer and was using it to send spam messages.
Glaring grammatical errors
“An package containing confidential personal information was sent to you,” the brief message read, with the glaring grammatical error flagging it as not being from Fed Ex.
Below the message, the words “Tracking Update” were in the form of a hyperlink. When the the cursor was placed over the link, it revealed that it would have directed us to some weird website.
It might have been a benign scam – getting us to help the spammer earn a little ad revenue. Or it could have been more sinister, downloading malware or, worse still, loading ransomware to seize complete control of the computer.
Fed Ex's advice
This, of course, is nothing new to Fed Ex, which says it has received many reports of fraudulent emails using its name and logo. The company says other subject lines include “Shipping Conformation,” “Verify Info,” “Some important information is missing,” and “Please fulfill the documents attached to verify your identity.”
Fed Ex says it does not send unsolicited emails to consumers requesting information regarding packages, invoices, account numbers, passwords, or personal information.
The company says when you get one of these messages – and your chances are higher during the holiday season – you should delete the email or forward it to firstname.lastname@example.org.