Well, it was bound to happen. I finally got mine.

A few days ago, I got a security alert that the email phishers were trying some new tactics to pry information out of the unsuspecting user. One involved a ticket verification process from the airlines. The major airlines immediately went public denying that they practiced communication of this nature and if you saw anything that asked you for personal information, it didn’t come from them.

The other was FedEx. Apparently, phishers posing as FedEx tracking brokers send out emails saying that you have received a package, but because of the nature of the package, you need to supply personal information in order for them to deliver it.

As far as I can recall, correspondence with FedEx has always been unidirectional in nature. They leave a sticker on my door stating that they tried to deliver a package and if I want it, I can come down the station to pick it up. Sometimes they will attempt to deliver it again the next day at a specific time.

But they always leave a note. I have never received an email from them.

Until today.

Here are some things to look out for in this, or any other, suspected phishing email:

  1. Generic greetings. Most likely, they are sending bulk email, meaning that they can’t address you by name without tipping off everyone else on the distribution list.
  2. Suspicious or unofficial “from” address. In the header of the email, you will see the address of the sender (From), the recipient (To), where to send a reply (Reply-to), and a return path (Return-Path). If you know how to do it, the “From” address can be altered to look official. In a real correspondence, however, the domain name (that part of the address between the @ sign and the first period) should match in all addresses except for the recipient address. There is no reason an official request should be sent from info@fedex.com while the reply-to address is jimbo@yahoo.com.
  3. Empty recipient address. The “To” field is typically left blank to hide the fact that this “private” correspondence has just been sent to everybody on God’s green earth.
  4. Urgent requests to act. Typically, you’ll see notices that your account has been compromised, that the “company” is about to close out your account, or that you have won a whole bunch of money and that you need to act now. $800,000.00 USD is a whole bunch of money to most people.
  5. Suspicious looking links. This email doesn’t use links back to phishing websites. However, there is a phone number you can call. Probably goes to a phone in the phisher’s basement.
  6. Spelling and Grammatical errors. This email is littered with them. The line I really like is at the end of the email right after the piece about not copying the email: FEDEX INTL>>>LICENCE OF FEDERAL EXPRESS CORPERATION.
  7. Requests for personal information. Things like PINs, SS numbers, credit card numbers. Legitimate companies will never ask for this information via email. They may use a secured form (look for the pad lock in your browser indicating that encryption is in place) or they may ask via telephone. But they will never use email to request this type of information.

The email is included below for your entertainment. If you haven’t received on yet, rest assured that yours is in the mail… uh, I mean email.

Stay Vigilant. Good Selling.

Dear Customer!

We have been waiting for you to contact us for your Confirmed Package that
is registered with us for shipping to your residential location.We had
thought that your sender gave you our contact details.It may interest you
to know that a letter is also added to your package.However, we cannot
quote its content to you via email for privacy reasons.

We understand that the content of your package itself is a Bank Draft
worth of $800,000.00 USD, FedEx do not ship money in CASH or in CHEQUES
but Bank Drafts are shippable.The package is registered with us for
mailing by your colleague, and your colleague explained that he is from
the United States but he is here in Nigeria for a three (3)months
Surveying Project as he works with a consultant firm in Nigeria West
Africa We are sending you this email because your package is been
registered on a Special Order.

What you have to do now, is to contact our Delivery Department for
immediate dispatch of your package to your residencial address.Note that
as soon as our Delivery Team confirm your information, it will take only
one working day (24 hours) for your package to arrive it's designated
destination.For your information, the VAT & Shipping charges as well as
Insurance fees have been paid for by your colleague before your package
was registered.Note that the payment that is made on the Insurance,
Premium & Clearance Certificates, are to certify that the Bank Draft is
not a Drug Affiliated Fund (DAF) neither is it funds to sponsor Terrorism
in your country. This will help you avoid any form of query from the
Monetary Authority of your country.

However, you will have to pay the sum of £105GBP to the FedEx Delivery
Department being full payment for the Security Keeping Fee of the FedEx
company as stated in our privacy terms & condition page. Also be informed
that your colleague wished to pay for the Security Keeping fee, but we do
not accept such payment considering the facts that all items & package
that are registered with us have a time limitation and we cannot accept
payment not knowing when you will be contacting us for your package or
even responding to us.So we cannot take the risk to have accepted such
payment incase of any possible demurrage.

Kindly note that your colleague did not leave us with any further
information.We hope that you respond to us as soon as possible because if
you fail to respond until the expiry date of your package, we may refer
the package to the British Commission for Welfare as the package do not
have a return address.

Kindly contact the delivery department (FedEx Delivery Post) with the
details given below:

FedEx Online Delivery Post
Contact Person:Gary Anderson
Tel: +234 805 8814 416

Kindly complete the below form and send it to the email address given
above.This is mandatory to reconfirm your Postal address and telephone


Kindly complete the above form and summit it to the delivery manager on:

As soon as your details are received, our delivery team will give you the
neccessary payment procedure so that you can effect the payment for the
Security Keeping Fee. As soon as they confirm your payment receipt of
£105GBP which is equivalent to $210USD , they will not hesitate to
dispatch your package as well as the attahced letter to your residence. It
usually takes 24 hours being an overnight delivery service.

Note that we were not instructed to email you, but due to the high
priority of your package we had to inform you as your sender did not leave
us with his phone number because he stated that he just arrived Nigeria
and he hasn't fix his phone yet. We indeed personally sealed your Bank
Draft and we found your email contact in the receivers column as the
recipient of the foremost package.

Ensure to contact the delivery department with the email address given
above and ensure to fill the above form as well to enable a successful

Do not reply this email because this email account is not monitored.Send
your details to:fedex.delivery1963@live.com

Yours Faithfully,
Mrs. Margaret Blaire.
FedEx Online Team Management.
All rights reserved. © 1995-2008
This E-mail is only for the above addressees. It may contain confidential
or Privileged information. If you are not an addressee you must not copy,
distribute, disclose or use any of the information in it or any