A new phishing scam is targeting FedEx customers who are waiting on a delivery. The Comodo Threat Research Labs team said in a report that the campaign, targeting people in English and Italian, uses emails dressed up to look like an official FedEx correspondence that also contains a malicious attachment.

This new scam uses an email that tells the customer that they had a delivery taken to their door, but no one was home. It goes on to say that they must come to the FedEx office to retrieve the package. In order to verify their identity, they must print out the attachment.

Of course the attachment is malicious.

Fatih Orhan, director of technology at Comodo and the Comodo Threat Research Labs, said: "Because Comodo is able to work with and execute unknown files in our container technology, we were able to review and decipher the attachment as rogue malware, designed to simply cause endpoints and computers to be corrupted. We did not detect any ransomware at all associated with this specific stream.”

There is speculation as to why the email is in Italian and English unless the attackers are gauging which is the more lucrative target.

The package-delivery company offered an easier method to tell whether or not an email correspondence is valid.

"FedEx does not send unsolicited emails to customers requesting information regarding packages, invoices, account numbers, passwords or personal information," FedEx said in a statement.



Source: SCMagazine