The package delivery company, FedEx, has been the recent target of a phishing scam targeting English and Italian speaking customers.
This phishing scam targeting FedEx customers uses a sophisticated social engineering scheme that involves the one thing we all want- our packages delivered.
This scam is currently limited to only English and Italian speaking customers, with many researchers believing these cyber criminals are trying to figure out which language generates the most traction.
Attackers are using the recipient’s fear of not getting their package delivered to their advantage. Cyber criminals start off by sending emails dressed up to look like an official FedEx correspondence with a malicious attachment attached to the email. The email states that the victims’ package was brought to the residence, but no one was home to sign for it, so they must visit a FedEx office within 48 hours or the item will be returned to sender. The email ends by asking the victim to print out the attached document which is required in order to pick up the package. Once the attachment is clicked, the malware is downloaded, causing the victim's computer to be corrupted.
Researchers at Comodo Threat Research Labs did not specify what kind of malware is inserted into the victim's PC, but they have confirmed that no ransomware has been detected in this campaign.
Comodo noted that other than a few formatting errors, the fake emails are very hard to spot. Unfortunately, this means the bad guys are getting that much better at tricking their victims by mimicking logos and color schemes used by corporations to appear legitimate.
FedEx has responded to this phishing attack and stated, “FedEx does not send unsolicited emails to customers requesting information regarding packages, invoices, account numbers, passwords or personal information.”
From an enterprise standpoint, reliable threat intelligence needs to be implemented to disturb any malware that enters the arena. It’s important to implement a layered security approach to your IT estate, and by working with NNT, your organization will be able to adopt a ‘layered and integrated approach’ to security that incorporates the right process, methodology and set of tools in order to guard your IT environment against today’s ever-evolving threat landscape.
With NNT's Change Tracker Gen7, your organization will come equipped with intelligent file integrity monitoring, compliance management, System Hardening, threat intelligence & security configuration management all powered by Intelligent Closed-Loop Intelligent Change Control, all working to make your IT estate as secure and compliant as possible.
Read this article on SC Magazine