Internet Storm Center Infocon Status

Search ISU Security

RSSSubscribe to the RSS Feed
ISU Information Security

Malware email attack targeting FedEx customers

Wednesday, March 23, 2016 14:56

Warn_NetworkSecurity researchers report that scammers are targeting FedEx customers through email in order to infect victim machines with malware.

In an email, crafted to appear “official”, the scammers inform the victim that FedEx has attempted to deliver a package and that the package will be returned unless the victim claims it at the local FedEx office. In order to claim the package, the victim will have to download and print out an attached form.

The malware is in the attached document and is loaded onto the victims computer once it is opened. Researchers have not identified the specific malware, though it does not appear to be ransome-ware.

FedEx has explicitly stated, “FedEx does not send unsolicited emails to customers requesting information regarding packages, invoices, account numbers, passwords or personal information.”

Users are reminded to be wary of any unsolicited email. Check the sender’s email address, never click links in an email or download attachments from unsolicited sources. Never reply to unsolicited emails. If in doubt, contact the company through verified, publicly available means, never through contact info given in a suspect email.

Related Links

Security posting about the scam

FedEx’s response to the scam

More news on the scam