Fake FedEx agent notice installs malware
Last week we mentioned a fake DHL email that steals user information and delivers malware to the victim’s PC. This week we present another spam email, this time supposedly from FedEx. This email also claims the recipient has a parcel waiting for delivery. Like the DHL email, this one also will attempt to install malware. However, in the case the malware is delivered via an email attachment.
The email is reproduced in Figure A. It’s not particularly subtle. The subject line of the email is “<name> agent FEDEX”, whilst the sender of the email is listed as “FEDEX AGENT”. The purpose of the email is to advise the recipient that a FedEx agent could not deliver an item. The recipient of the email is advised to download an attached file which is supposedly an invoice for the parcel.
Once downloaded, the recipient can then print the invoice and present it to their nearest FedEx location. A number that is supposed to be a FedEx tracking number is included in the email, and forms part of the file name of the attached .zip file.
Unfortunately the attachment provided in the email contains malware. In most cases the malware has turned out to be a form of ransomware; typically CryptoLocker. CryptoLocker encrypts any Office files on local or network drives, and will display a message when the user attempts to open the file. The message demands payment of a ransom. If the user pays the ransom, they are supplied with a private key that will (supposedly) unlock their files.
The email is fairly “bare bones”; there is not even FedEx logo. Nor are there any links to a FedEx site let alone a malicious site. Emails claiming the recipient has a parcel waiting to be delivered have been in circulations over the last year. They usually follow a similar pattern to this email.
FedEx have a statement on their US website regarding fake emails. The bottom line with this type of email is don’t download the attachment. Don’t attempt to open the attachment. If you do receive this mail, delete it.