FedEx is Supposed to be a Source of Phishing Email Campaign
As per the security experts at security firm maxlabs a new sophisticated phishing campaign that claim to be from FedEx, a famous courier company is presently moving in internet.
Having the subject as "your fedex.com account will soon expire", and sent from spoofed address "FedEx online services email@example.com" the phishing email elaborates as "account needs an entire update of ones profile. We (FedEx) have recently identified that various computer user had endeavored to gain right to use to the online account and various password was tried with the specific user ID. It is now important to verify all information provided in your account to us. In case of any delay of 24-48 hours, towards providing information, we will be compelled to stop all access to your account as it may have been employed for fraudulent purpose," as reported by blog.mxlab.eu dated June 22, 2012.
"Kindly log on, else your ID and profile would be omitted from all our records," the fake email continues to threaten.
The tactfully placed link does not point to official FedEx site, rather it points to the compromised site of polish Carpet Company that is most rather remains unknown to the matter that cybercriminals have rented their domain to host a phishing page.
The trickiest part of the webpage remains that its perfectly designed, and a majority of the links pointing to fedex.com actually.
As the user click on the log in button after entering the credentials, the detail is reverted to a server restricted by the phishes. As a result of which, the victim is being forwarded to the genuine FedEx domain.
However, in general, Internauts and FedEx customers are advised to be careful of unwanted emails that attempt to attract them to forged websites.
In this case, it's quite obvious that the webpage is a part of plot as the URL showed in the address bar is not fedex.com, but [company name.]Pl, security experts at maxlabs highlights.
FedEx on its own end on its official site suggest users by claiming that if you got a fraudulent email that declares it is from FedEx, you can report it by forwarding it to firstname.lastname@example.org. If the fraudulent email leads to financial loss you should contact you're banking institution as soon as possible via appropriate channels .also consider contacting the IC3 or your state attorney general's office.
Related article: FTC Can’t Cope With Offshore Spammers
» SPAMfighter News - 03-07-2012