A few days ago, I got a security alert that the email phishers were trying some new tactics to pry information out of the unsuspecting user. One involved a ticket verification process from the airlines. The major airlines immediately went public denying that they practiced communication of this nature and if you saw anything that asked you for personal information, it didn’t come from them.
The other was FedEx. Apparently, phishers posing as FedEx tracking brokers send out emails saying that you have received a package, but because of the nature of the package, you need to supply personal information in order for them to deliver it.
As far as I can recall, correspondence with FedEx has always been unidirectional in nature. They leave a sticker on my door stating that they tried to deliver a package and if I want it, I can come down the station to pick it up. Sometimes they will attempt to deliver it again the next day at a specific time.
But they always leave a note. I have never received an email from them.
Here are some things to look out for in this, or any other, suspected phishing email:
- Generic greetings. Most likely, they are sending bulk email, meaning that they can’t address you by name without tipping off everyone else on the distribution list.
- Suspicious or unofficial “from” address. In the header of the email, you will see the address of the sender (From), the recipient (To), where to send a reply (Reply-to), and a return path (Return-Path). If you know how to do it, the “From” address can be altered to look official. In a real correspondence, however, the domain name (that part of the address between the @ sign and the first period) should match in all addresses except for the recipient address. There is no reason an official request should be sent from firstname.lastname@example.org while the reply-to address is email@example.com.
- Empty recipient address. The “To” field is typically left blank to hide the fact that this “private” correspondence has just been sent to everybody on God’s green earth.
- Urgent requests to act. Typically, you’ll see notices that your account has been compromised, that the “company” is about to close out your account, or that you have won a whole bunch of money and that you need to act now. $800,000.00 USD is a whole bunch of money to most people.
- Suspicious looking links. This email doesn’t use links back to phishing websites. However, there is a phone number you can call. Probably goes to a phone in the phisher’s basement.
- Spelling and Grammatical errors. This email is littered with them. The line I really like is at the end of the email right after the piece about not copying the email: FEDEX INTL>>>LICENCE OF FEDERAL EXPRESS CORPERATION.
- Requests for personal information. Things like PINs, SS numbers, credit card numbers. Legitimate companies will never ask for this information via email. They may use a secured form (look for the pad lock in your browser indicating that encryption is in place) or they may ask via telephone. But they will never use email to request this type of information.
The email is included below for your entertainment. If you haven’t received on yet, rest assured that yours is in the mail… uh, I mean email.
Stay Vigilant. Good Selling.
Dear Customer! We have been waiting for you to contact us for your Confirmed Package that is registered with us for shipping to your residential location.We had thought that your sender gave you our contact details.It may interest you to know that a letter is also added to your package.However, we cannot quote its content to you via email for privacy reasons. We understand that the content of your package itself is a Bank Draft worth of $800,000.00 USD, FedEx do not ship money in CASH or in CHEQUES but Bank Drafts are shippable.The package is registered with us for mailing by your colleague, and your colleague explained that he is from the United States but he is here in Nigeria for a three (3)months Surveying Project as he works with a consultant firm in Nigeria West Africa We are sending you this email because your package is been registered on a Special Order. What you have to do now, is to contact our Delivery Department for immediate dispatch of your package to your residencial address.Note that as soon as our Delivery Team confirm your information, it will take only one working day (24 hours) for your package to arrive it's designated destination.For your information, the VAT & Shipping charges as well as Insurance fees have been paid for by your colleague before your package was registered.Note that the payment that is made on the Insurance, Premium & Clearance Certificates, are to certify that the Bank Draft is not a Drug Affiliated Fund (DAF) neither is it funds to sponsor Terrorism in your country. This will help you avoid any form of query from the Monetary Authority of your country. However, you will have to pay the sum of £105GBP to the FedEx Delivery Department being full payment for the Security Keeping Fee of the FedEx company as stated in our privacy terms & condition page. Also be informed that your colleague wished to pay for the Security Keeping fee, but we do not accept such payment considering the facts that all items & package that are registered with us have a time limitation and we cannot accept payment not knowing when you will be contacting us for your package or even responding to us.So we cannot take the risk to have accepted such payment incase of any possible demurrage. Kindly note that your colleague did not leave us with any further information.We hope that you respond to us as soon as possible because if you fail to respond until the expiry date of your package, we may refer the package to the British Commission for Welfare as the package do not have a return address. Kindly contact the delivery department (FedEx Delivery Post) with the details given below: FedEx Online Delivery Post Contact Person:Gary Anderson Email:firstname.lastname@example.org Tel: +234 805 8814 416 Kindly complete the below form and send it to the email address given above.This is mandatory to reconfirm your Postal address and telephone numbers. FULL NAMES: TELEPHONE: POSTAL ADDRESS: CITY: STATE: COUNTRY: Kindly complete the above form and summit it to the delivery manager on: email@example.com As soon as your details are received, our delivery team will give you the neccessary payment procedure so that you can effect the payment for the Security Keeping Fee. As soon as they confirm your payment receipt of £105GBP which is equivalent to $210USD , they will not hesitate to dispatch your package as well as the attahced letter to your residence. It usually takes 24 hours being an overnight delivery service. Note that we were not instructed to email you, but due to the high priority of your package we had to inform you as your sender did not leave us with his phone number because he stated that he just arrived Nigeria and he hasn't fix his phone yet. We indeed personally sealed your Bank Draft and we found your email contact in the receivers column as the recipient of the foremost package. Ensure to contact the delivery department with the email address given above and ensure to fill the above form as well to enable a successful reconfirmation. Do not reply this email because this email account is not monitored.Send your details to:firstname.lastname@example.org Yours Faithfully, Mrs. Margaret Blaire. FedEx Online Team Management. All rights reserved. © 1995-2008 ---------------------------------------------------------------------------------------------------------- This E-mail is only for the above addressees. It may contain confidential or Privileged information. If you are not an addressee you must not copy, distribute, disclose or use any of the information in it or any attachments. ---------------------------------------------------------------------------------------------------------- FEDEX INTL>>>LICENCE OF FEDERAL EXPRESS CORPERATION.