Debunking email hoaxes and exposing Internet scams since 2003!


Hoax-Slayer Logo Hoax-Slayer Logo

DividerDivider
Home    About    New Articles    RSS Feed    Subscriptions    Contact
DividerDivider
Bookmark and Share









Issue 109 - December 2010 - Page 15

Pages in this month's issue:
  1. PDS (Parcel Delivery Service) Premium Rate Scam Warning
  2. Check Your Receipts - Cash Back Scam Warning Email
  3. Christmas Tree App Virus Hoax
  4. Dan Murphy's 30% Off Voucher Hoax
  5. Warning from 'British Ministry of Health' - Danger From Broken Energy Saving Bulbs
  6. Friendship Inquiries Hacker Alert Hoax
  7. 'Strange City in Greece' Photographs
  8. Iceberg Spotted at Cape Town?
  9. Viral Video - Time Traveller in Charlie Chaplin Film?
  10. Bogus Facebook Rumour- Harry Graham Pedophile Warning
  11. Maria at Dell Hospital Money for Forwarding Hoax
  12. 'Very Important Message' Facebook Spam
  13. Optus ADSL Service Cancellation Phishing Scam Email
  14. Postcard Image Virus Hoax
  15. FedEx Incorrect Delivery Address Malware Email
  16. Plea to Help Find Missing Three Year Old Girl - Jewel Strong
  17. Mobile Phone Medical Equipment Warning - Phone Interference Caused Death Hoax
  18. USAA Phishing Scam Email
  19. Hilton Hotel Job Offer Scam Email

Issue 109 Start Menu

Previous Article            Next Article

FedEx Incorrect Delivery Address Malware Email

Outline
Email purporting to be from delivery company FedEx claims that a package en route to the recipient has been returned due to an addressing error and that he or she must open an attached file to print a mailing label in order to receive the package.



Brief Analysis
The email is not from FedEx. The claim that a package has been returned is a lie designed to trick recipients into opening the attached file. The attachment contains malware.

Bookmark and Share
Detailed analysis and references below example.

Enter your email address to subscribe to the Hoax-Slayer Newsletter:




Last updated: 12th November 2010
First published: 12th November 2010
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer


Example
Subject: FedEx Invoice copy No60359

Your package has been returned to the FedEx office.
The reason of the return is - Incorrect delivery address of the package.

Attached to the letter mailing label contains the details of the package delivery.
You have to print mailing label, and come in the FedEx office in order to receive the packages.

Thank you.
FedEx Express Services.

Attached File:
FedEx_mailing_label_ID.S2950.zip




Detailed Analysis
According to this email, which claims to be from delivery company FedEx, a package en route to the recipient has been returned to the FedEx office due to an error in the package's delivery address. The email instructs the recipient to open an attached file which supposedly contains a mailing label that must be printed out and taken to a FedEx office to allow correct delivery of the package.

However, the email is not from FedEx and the claim that a package has been returned is a lie designed to fool the recipient into opening the attached file. The attachment does not contain a mailing label. Instead, it contains a malicious .exe file, hidden inside a seemingly innocuous .zip file, that can install malware on the user's computer. The malware can modify the registry on the infected computer, connect to remote servers and download and install additional malware. Wording of the malware emails may vary, although all make reference to a package that could not be delivered.

FedEx has published a warning about this threat on its website, noting:
Be alert for fraudulent e-mails claiming to be from FedEx regarding a package that could not be delivered. These e-mails ask the receiver to open an attachment in order to obtain the airbill or invoice for picking up the package. The attachment contained in this type of e-mail activates a virus. DO NOT OPEN the attachment. Instead, delete the e-mail immediately.

These fraudulent e-mails are the unauthorized actions of third parties not associated with FedEx. When FedEx sends e-mails with tracking updates for undeliverable packages, we do not include attachments.
The tactic is not new, and has been used almost continually by malware distributors since at least 2008. Other long running versions of the malware emails claim to be from United Parcel Service (UPS) rather than FedEx.

Users should be wary of any emails that claim that delivery of a package by FedEx or UPS has failed or been delayed. Do not open any attachments that arrive with such emails as they are likely to contain trojans or other malware. Do not click any links in such emails as they may lead to malicious websites that also contain malware.

Bookmark and Share

References
Troj/Agent-OOF
FedEx - Virus Alert
Not Able to Deliver UPS Package Malware Email
Threat Outbreak Alert: Fake United Parcel Service Shipment Error E-mail Messages



Previous Article            Next Article

Issue 109 Start Menu

Pages in this month's issue:
  1. PDS (Parcel Delivery Service) Premium Rate Scam Warning
  2. Check Your Receipts - Cash Back Scam Warning Email
  3. Christmas Tree App Virus Hoax
  4. Dan Murphy's 30% Off Voucher Hoax
  5. Warning from 'British Ministry of Health' - Danger From Broken Energy Saving Bulbs
  6. Friendship Inquiries Hacker Alert Hoax
  7. 'Strange City in Greece' Photographs
  8. Iceberg Spotted at Cape Town?
  9. Viral Video - Time Traveller in Charlie Chaplin Film?
  10. Bogus Facebook Rumour- Harry Graham Pedophile Warning
  11. Maria at Dell Hospital Money for Forwarding Hoax
  12. 'Very Important Message' Facebook Spam
  13. Optus ADSL Service Cancellation Phishing Scam Email
  14. Postcard Image Virus Hoax
  15. FedEx Incorrect Delivery Address Malware Email
  16. Plea to Help Find Missing Three Year Old Girl - Jewel Strong
  17. Mobile Phone Medical Equipment Warning - Phone Interference Caused Death Hoax
  18. USAA Phishing Scam Email
  19. Hilton Hotel Job Offer Scam Email