Published: 5/11/2024

Priority: High


FedEx impersonated in an email phishing campaign
 

Affected Resources 

Any person who has received an email with the characteristics discussed 
in the next section and has provided their personal data.


Description 

A phishing campaign has been detected that impersonates the FedEx parcel company.  

The fraudulent email tries to deceive the victim with the bait of an unclaimed order
that can only be obtained by clicking on a link. This link redirects to a website
that impersonates the legitimate one and asks the user to enter both personal and
banking information in order to make a payment that unlocks an alleged package.

Solution 

If you receive an email that appears to be from FedEx and asks you to make a payment
to receive a supposed package, and you have not yet provided your personal or banking
information, mark it as junk or spam, block the sender and delete the email from
your inbox.

If, on the other hand, you have followed the link and provided your personal and
banking information to make the payment that supposedly unlocks the delivery of the
package, follow these recommendations:
  

  • Contact your bank to report the incident and ensure that the necessary security
    measures are taken.
  • Take screenshots of the process and communications as evidence. To verify these,
    you can use online witnesses.
  • In the coming months, search the Internet periodically to check whether your
    personal data has been exposed (a practice known as egosurfing). If necessary,
    you can request that your personal data be deleted by exercising the right to be
    forgotten.
  • When you receive an email with similar characteristics in the future, check
    whether it comes from an official source.
  • Report the fraud and file a complaint with the State Security Forces and Bodies,
    providing the evidence you gathered.
  • If you really have a FedEx order pending, you can check its status through
    the official FedEx link.
  • If you have any doubts, you can take a look at some examples of fraudulent
    emails impersonating FedEx.
  
Follow our recommendations to avoid being a victim of this type of online fraud, and
find out about other types of threats on our website.

 

Detail 

A series of fraudulent emails has been detected that impersonate the delivery company FedEx in order to steal the recipients' information. The pretext used in these emails is that a shipment could not be delivered. The email subjects observed to date are:
       
  • You still have (1) unclaimed order
  • Hello, This is an update regarding your undelivered package.

The fraudulent emails are sent from fictitious email accounts that use the aliases “Customer Service” and “Account Verification.” These aliases avoid raising suspicions about the impersonation of the courier and parcel company.

The body of the emails may be similar to those sent by an automated messaging and incident management platform, but they do not use the company's formats, email addresses or corporate images.
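
One way to triage a mailbox against the indicators above, as an added example that is not part of the original advisory: it parses raw messages and flags those whose subject or sender alias matches the campaign while the sender domain is not on a trusted list. The `fedex.com` allow-list and both sample messages are assumptions constructed for illustration.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Indicators listed in this advisory (compared after normalisation).
SUBJECTS = {
    "you still have (1) unclaimed order",
    "hello, this is an update regarding your undelivered package.",
}
ALIASES = {"customer service", "account verification"}
# Assumption: sender domains accepted as genuine FedEx; replace with your own allow-list.
TRUSTED_DOMAINS = ("fedex.com",)


def _norm(text):
    """Lower-case and collapse whitespace so header folding does not defeat matching."""
    return re.sub(r"\s+", " ", str(text or "")).strip().lower()


def assess(raw_message):
    """Return (is_match, reasons) for one raw RFC 5322 message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    # policy.default decodes RFC 2047 encoded-words in Subject and From.
    subject = _norm(msg.get("Subject"))
    name, address = parseaddr(str(msg.get("From", "")))
    domain = address.rpartition("@")[2].lower()
    trusted = any(domain == d or domain.endswith("." + d) for d in TRUSTED_DOMAINS)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = " ".join([subject, _norm(name), _norm(body.get_content() if body else "")])

    reasons = []
    if subject in SUBJECTS:
        reasons.append("subject")
    # The aliases are generic, so they only count when the message also claims the brand.
    if _norm(name) in ALIASES and "fedex" in text:
        reasons.append("alias")
    return (bool(reasons) and not trusted, reasons)


# Constructed sample messages (not taken from the campaign).
PHISH = ("From: Customer Service <notice@parcel-update.example>\n"
         "Subject: =?utf-8?q?You_still_have_=281=29_unclaimed_order?=\n\n"
         "Your FedEx package is on hold. Tracking number: 0000000000\n")
UNRELATED = ("From: Customer Service <help@shop.example>\n"
             "Subject: Your invoice\n\nThanks for your purchase.\n")

if __name__ == "__main__":
    for sample in (PHISH, UNRELATED):
        print(assess(sample))
```

The `From` header can be forged, so a trusted domain here should be confirmed against the message's SPF, DKIM and DMARC results before it is treated as genuine.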

The email contains no data identifying the victim. It offers only a tracking number, accompanied by a message urging the recipient to click on the link provided to avoid the supposed loss of an order.

  
If the link is clicked, the victim is redirected to a web page, under the false identity of FedEx, to manage the order.


The first page informs the victim that a package could not be sent because information is pending, prompting the user to click on the “Find my package” option.
      

Clicking on this option redirects the victim to a new page that requests the code provided in the fraudulent email, simulating the management of a package. The information message states that the package is a smartphone and that a payment of €1.90 is pending to process the shipment. To proceed, the victim is offered a link requesting confirmation.


Once the option to confirm the shipment is selected, the page redirects the victim to a new section to plan the delivery, where the victim chooses between home delivery and a collection point.
  

Next, the victim is asked to specify the time slot for the delivery.


Once the delivery method and time have been defined, a confirmation page is displayed informing the victim that there is one final step to arrange the delivery.
 

The last step requested is the payment of €1.99, supposedly required for the delivery of the package. Here the victim is asked for information associated with a credit or debit card: email, full name, card number, expiration date and CVV.

A pop-up window then appears with a message indicating that the payment has failed and asking the victim to press the button to try again.


On this screen the victim can re-enter their personal data (“First name”, “Last name”, “Email” and “Phone”) to try the payment again.


At this point, entering the bank card details a second time does not advance the process, but the cybercriminals will already have the victim's details.

Content made within the framework of the funds of the Recovery, Transformation and Resilience Plan of the Government of Spain, financed by the European Union (Next Generation)  



Fraud Phishing