I’ve been getting emails, tossed into my junk mail, that have various names or titles, but the subjects all refer to my having “FedEx delivery problems”
I don’t use FedEx and these look suspicious so I don’t click on them, and just delete without opening.
What kind of scam might someone be attempting here?
Who knows, without opening the e-mail? (And perhaps not even then, if all they want is to impart malware.) Safe to say, though, that it has nothing do do with FedEx.
I have been getting these a lot, too. The first one caught my eye until I saw the sender’s email. They all have a “click here for message” that I’m very sure will not lead you to any messages from fed-ex.
They usually have a file attachment that you’re asked to open. In those cases opening the attachment will infect you with some form of malware.
I’ve seen a variation where they include a link to the item you supposedly have ordered and are awaiting delivery for. The entire email and fake notice of a failed delivery is just a ruse to get you to click the link which to them is the same benefit as getting you to click a link on a paid ad on a website but for free.
Yep, the link will lead to something that (in descending order of likelihood):
[ul]
[li]Installs some malware on your machine[/li][li]Wants you to enter a bunch of personal information which will be used to steal your identity for fraud[/li][li]Just confirms that the spam hit home and was read by a human - identifying your email address as valuable for spammers[/li][/ul]
It’s an invitation to Cryptolocker
Personally i would decline.
Decline to even touch the email
You will notice that they always come from some unknown person in Afghanistan or Bulgaria, probably a real enough person whose computer has been hacked. Just delete them. Whatever you do, don’t open them.
Even if I get an email from someone I know, if it has an attachment and no personal message (often it has a generic message like “Wow, look at this”) I won’t open without checking first with the person it purportedly comes from whose address book has presumably been hacked.
I forward them to their supposed origin, Fed-Ex.
Why? Now you’re just spamming a legit company with useless crap.
I send it with a note stating what it is, and how these assholes are besmirching the good name of Fed-Ex. They got more power than I do.
Somehow I think FedEx knows it’s not spam directed at them.
they actually want you to forward it to them. they investigate misuse of their brand and name.
you should forward to abuse@fedex. . .
mc
The ‘from’ address in an email is not a reliable indicator of its actual origin - and this is especially true in the case of spam with malware payloads.
[ul]
[li]Random infected computer sends email to Joe Bloggs, ‘from’ address spoofed as Mangetout[/li][li]Joe Bloggs replies to Mangetout, saying “what the hell is this?”[/li][li]There are now twice as many potential victims with their mouse poised over the malware link.[/li][/ul]
I think that’s just a write only email account.
So some malware spreader is using a thousand different Yahoo! email accounts … today. What is FedEx going to do about it? Tell Yahoo! to cut off those accounts? Tomorrow they’re using a different 1000 Yahoo! accounts.
And if the links go to some regular website that’s been cracked into? Just getting the attention of the person actually running the site to let them know they have a problem is incredibly difficult. Never mind that most such people have no clue what to do, assuming they even care.
Then there’s the case where the link goes to one of a hundred .ru sites that’s been set up. Getting anything done about those sites is a complete waste of time.
FedEx is not going to do anything about the email report you send.
So sure, so wrong.
FedEx will put out a warning to let people know what to look out for in emails using their names to infect computers. Maybe that’s not “doing” in your mind. I’ll remember that if your house starts burning, because warning you isn’t “doing” anything.
So an example of a fake FedEx email is “doing something” about all the emails people are forwarding.
Right.
As to the house fire analogy, it would be like citing a fire department flier on home fire safety as proof that the first department is putting out fires.
Not exactly feeling corrected here. At all.
Well, thankfully, other than fighting your ignorance, this is not about you. This is about how to respond to malspam. And the proper response is to report it to the victim of the joe job… not because they can sue the spammer or launch a drone strike or even “solve” the problem… but because they can publicise the ongoing malware campaign to other potential victims who may say “Huh, I got a weird email from FedEx? What does google say about this?”
Malware is not a solvable problem. But malware infection is potentially preventable, by good net hygiene, and public notice of current outbreaks is part of good network public health.
I get these, too. DELETE
Fuck FedEx. They are as “legit” as a corner lemonade stand. As a former shipping manager, I can tell you stories…
I don’t quite understand your reference. Is there some problem involving illegitimate corner lemonade stands?
Well he was formerly the shipping manager at one so he must know. A lemonade stand with a shipping manager sounds like a scam to me. I bet it never arrives.