Cybercriminals compromised the website of a Polish carpet company to host their scheme

Jun 22, 2012 12:15 GMT  ·  By

FedEx scams are probably as old as the Internet, but every once in a while we come across an upgraded variant of the classic scheme that’s so well designed that it may trick a few users into handing over their credentials.

Mxlab experts have discovered such a campaign. It starts with a classic email that warns recipients of an issue with their accounts.

Here’s how the email looks:

Account Requires Complete Profile Update, We have recently detected that different computer user had attempted gaining access to your Online account, and multiple password was attempted with your user ID. It is now necessary to re-confirm your account information to us.

If this process is not completed within 24-48 hours. We will be forced to suspend your Account Online Access as it may have been used for fraudulent purposes.

Please log on Otherwise your user ID and profile will be deleted from our records.

The cleverly placed link doesn’t point to the official FedEx site, but to the compromised website of a Polish carpet company, which is most likely unaware that cybercriminals have borrowed its domain to host a phishing page.

The clever thing about the webpage is that it’s well designed, with most of its links actually pointing to fedex.com. Once a user enters his/her credentials and clicks on the Login button, the information is sent to a server controlled by the phishers, and the victim is redirected to the genuine FedEx domain.

Internauts, and FedEx customers in particular, are advised to beware of unsolicited emails that try to lure them to shady websites.

In this case, it’s clear that the webpage is part of a plot because the URL displayed in the address bar is not fedex.com, but [companyname].pl.
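The three tells described above (the page is served from a domain that is not fedex.com, most of its links really do point to fedex.com, and the login form posts somewhere else) can be checked mechanically. The following is an added example, not code from the original article or from Mxlab; the sample HTML and the `compromised-site.example` host are constructed stand-ins for the real phishing page.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class _Collector(HTMLParser):
    """Gather every <a href> and <form action> in the document."""
    def __init__(self):
        super().__init__()
        self.hrefs, self.actions = [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.hrefs.append(a["href"])
        elif tag == "form":
            self.actions.append(a.get("action") or "")

def _host(url, base):
    """Hostname of url resolved against base, so relative actions inherit base."""
    return (urlparse(urljoin(base, url)).hostname or "").lower()

def _is_brand(host, brand):
    return host == brand or host.endswith("." + brand)

def assess_page(html, page_url, brand="fedex.com"):
    """Score the three indicators from the article and return a verdict."""
    c = _Collector()
    c.feed(html)
    link_hosts = [_host(h, page_url) for h in c.hrefs]
    ratio = (sum(_is_brand(h, brand) for h in link_hosts) / len(link_hosts)
             if link_hosts else 0.0)
    form_hosts = {_host(a, page_url) for a in c.actions}
    foreign_forms = sorted(h for h in form_hosts if not _is_brand(h, brand))
    off_brand_page = not _is_brand(_host(page_url, page_url), brand)
    return {
        "brand_link_ratio": ratio,            # links that really go to the brand
        "foreign_form_hosts": foreign_forms,  # where credentials would be posted
        # Looks like the brand, lives elsewhere, posts the form elsewhere.
        "suspicious": off_brand_page and bool(foreign_forms) and ratio >= 0.5,
    }

# Constructed sample: a lookalike login page on a compromised third-party host.
SAMPLE_URL = "http://compromised-site.example/fedex/login.php"
SAMPLE_HTML = """<html><body>
<a href="http://www.fedex.com/">Home</a> <a href="http://www.fedex.com/tracking">Track</a>
<a href="https://www.fedex.com/contact">Contact</a> <a href="#">Forgot password?</a>
<form action="post.php" method="post"><input name="userId">
<input name="password" type="password"><input type="submit" value="Login"></form>
</body></html>"""
```

The same HTML served from a genuine fedex.com URL is not flagged, because both the page host and the relative form action then resolve to the brand domain.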