Published
5/11/2024
5/11/2024
Priority:
High
High
FedEx spoofed through phishing by email
Affected Resources
Any person who has received an email with the characteristics discussed
in the next section and has provided their personal data.
Description
A phishing campaign has been detected that impersonates the FedEx parcel company.
that they have an unclaimed order and must click on the link to obtain it. This link
redirects to a website that impersonates the legitimate one and asks the user
to enter both personal and banking information in order to make a payment
that unlocks an alleged package.
Solution
If you receive an email that appears to be from the FedEx company and asks you to
make a payment to receive a supposed package, but you have not yet provided your
personal or banking information, mark it as junk or spam, block the sender and delete
the email from your tray.
Otherwise, if you have accessed the link and have provided your personal and banking
information to later proceed to make the payment that, presumably, unlocks the delivery
of the package, follow the following recommendations:
- Contact your bank to report the incident and ensure that the necessary security
measures are taken. - Take screenshots of the process and communications as evidence. To verify these,
you can use online witnesses. - In the coming months, we recommend that you carry out searches on the Internet
to check if your personal data is present through the practice of egosurfing.
If you need it, you can request that your personal data be deleted with
the right to be forgotten. - When you receive an email with similar characteristics in the future, be sure to
check if they come from official sources. - Report the fraud and file a complaint with the State Security Forces and Bodies
with the evidence you gathered of the fraud. - If you really have a FedEx order pending, you can check its status through
the official FedEx link. - If you have any doubts, you can take a look at some examples of fraudulent
emails impersonating FedEx.
also find out about other types of threats on our website.
Detail
A series of fraudulent emails have been detected impersonating the identity of the delivery company FedEx to try to steal the recipients' information. In these emails it has been detected that the excuse used is the impossibility of delivery of a shipment. The email subjects observed to date are:- You still have (1) unclaimed order
- Hello, This is an update regarding your undelivered package.
The body of the emails may be similar to those sent by an automated messaging and incident management platform, but they do not use the company's formats, email addresses or corporate images.
This email shows an absence of victim data, offering only a tracking number, accompanied by a message urging the recipient to click on the link provided to avoid the supposed loss of an order.
If the link is clicked, the victim is redirected to a web page, under the false identity of FedEx, to manage the order.
On the first page offered, the victim is informed of the impossibility of sending a package, due to pending information, so that the user clicks on the “Find my package” option.
By clicking on this option, you are redirected to a new page where they request the code provided in the fraudulent email, simulating the management of a package. The information message details that it is a smartphone and that a payment of €1.90 is pending to process the shipment. To do this, the victim is offered a link requesting confirmation.
Once the option to confirm the shipment is selected, the page redirects the victim to a new section to plan the delivery. In this case, choosing whether it is a home delivery or at a collection point.
After the previous option, the victim is asked to specify the time slot to make the delivery.
Once the delivery methods and times have been defined, a confirmation page is displayed informing you that there is a final step to define the delivery.
The last step requested is the payment of a supposed amount necessary for the delivery of the package of €1.99, where the information associated with a credit or debit card is requested, such as email, full name, card number, expiration date and CVV.
On this screen you can re-enter your personal data: “First name”, “Last name”, “Email” and “Phone” to try the payment again.
At this point, the process does not progress by entering the bank card details a second time, but the cybercriminals will already have your details.
Content made within the framework of the funds of the Recovery, Transformation and Resilience Plan of the Government of Spain, financed by the European Union (Next Generation)