The package delivery company, FedEx, has been the recent target of a phishing scam targeting English and Italian speaking customers.

This phishing scam targeting FedEx customers uses a sophisticated social engineering scheme that involves the one thing we all want- our packages delivered.

This scam is currently limited to only English and Italian speaking customers, with many researchers believing these cyber criminals are trying to figure out which language generates the most traction.

Attackers are using the recipient’s fear of not getting their package delivered to their advantage. Cyber criminals start off by sending emails dressed up to look like an official FedEx correspondence with a malicious attachment attached to the email. The email states that the victims’ package was brought to the residence, but no one was home to sign for it, so they must visit a FedEx office within 48 hours or the item will be returned to sender. The email ends by asking the victim to print out the attached document which is required in order to pick up the package. Once the attachment is clicked, the malware is downloaded, causing the victim's computer to be corrupted.

Researchers at Comodo Threat Research Labs did not specify what kind of malware is inserted into the victim's PC, but they have confirmed that no ransomware has been detected in this campaign.

Comodo noted that other than a few formatting errors, the fake emails are very hard to spot. Unfortunately, this means the bad guys are getting that much better at tricking their victims by mimicking logos and color schemes used by corporations to appear legitimate.

FedEx has responded to this phishing attack and stated, “FedEx does not send unsolicited emails to customers requesting information regarding packages, invoices, account numbers, passwords or personal information.”

From an enterprise standpoint, reliable threat intelligence needs to be implemented to disturb any malware that enters the arena. It’s important to implement a layered security approach to your IT estate, and by working with NNT, your organization will be able to adopt a ‘layered and integrated approach’ to security that incorporates the right process, methodology and set of tools in order to guard your IT environment against today’s ever-evolving threat landscape.

With NNT's Change Tracker Gen7, your organization will come equipped with intelligent file integrity monitoring, compliance management, System Hardening, threat intelligence & security configuration management all powered by Intelligent Closed-Loop Intelligent Change Control, all working to make your IT estate as secure and compliant as possible.


Read this article on SC Magazine





NNT Suite of Products

change tracker gen7r2 logo

Combine industry leading Device Hardening, File Integrity Monitoring, Change Control, Configuration Management & Compliance Management into one easy to use solution that can scale to the most demanding environments!

fastcloud logo

Automatically evaluate and verify the authenticity of file changes in real-time with NNT FAST™ (File Approved-Safe Technology) Integrity Assurance.

log tracker logo logo

Comprehensive and easy to use security information & event log management with intelligent & self-learning correlation technology to highlight potentially harmful activity in seconds.

vulnerability tracker logo

Continuously scan and identify vulnerabilities with unparalleled accuracy and efficiency, protecting your IT assets on premises, in the cloud and mobile endpoints.

USA Offices
New Net Technologies LLC
Suite #10115, 9128 Strada Place
Naples, Florida, 34108
1175 Peachtree St NE
Atlanta, Georgia, 30361.
4145 SW Watson, Suite 350
Beaverton, Oregon, 97005.

Tel: (844) 898-8358
email [email protected]
UK Office
New Net Technologies Ltd
Rivers Lodge, West Common
Harpenden, Hertfordshire

Tel: 01582 287310
email [email protected]
CIS benchmarking SEWP Cybersecurity 500Sans Institute Now Certified
Copyright 2019, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.