A new phishing scam targeting FedEx customers uses a social engineering scheme that strikes the one nerve all these people have in common. The desire to have their package delivered.
The Comodo Threat Research Labs team said in a report that the campaign, targeting people in English and Italian, uses emails dressed up to look like an official FedEx correspondence that also contains a malicious attachment.
The attacker uses the recipient’s fear about not getting their package to their advantage. They tell the victim the package was brought to their residence, but nobody was home to sign for it so they now must go to the FedEx office within the next 48 hours or the item would be returned. At the same time the email requests that the victims open and print out an attachment which needs to be brought to the office.
That action downloads the malware. Comodo did not specify what kind of malware was inserted into the endpoint computer.
“Because Comodo is able to work with and execute unknown files in our container technology, we were able to review and decipher the attachment as rogue malware, designed to simply cause endpoints and computers to be corrupted. We did not detect any ransomware at all associated with this specific stream,” Fatih Orhan, director of technology at Comodo and the Comodo Threat Research Labs told SCMagazine.com Tuesday in an email.
The reasoning behind sending the emails in English and Italian was harder to decipher. Orhan thought one reason is the cybercriminals could be running a test while scamming people. Essentially attempting to see which language might gain the most traction. Comodo was unable to tell if English and Italian countries were specifically targeted.
Comodo noted that other than containing some odd syntax the fake emails were hard to spot noting the bad guys are getting very good at mimicking logos and the coloring used by corporations. The team added that this particular scam can be easily altered by the bad guys to target new groups of people.
The package-deliver company offered an easier method to tell whether or not an email correspondence is valid.
“FedEx does not send unsolicited emails to customers requesting information regarding packages, invoices, account numbers, passwords or personal information,” FedEx said in a statement.