Fake FedEx Email Borne Malware Alert
Over the last 24 hours we have seen a large influx of a new email borne malware campaign alleging to be a notification of non-delivery from FedEx.
The email alleges that you sent a package on July 25, but because the recipient's address was not correct when it was shipped it had not been delivered. It then asks the user to print out a copy of the attached invoice (a .zip file which contains malware) and to collect a copy of the package at the FedEx Office (address of office not given, which should be one clear indicator that something is fishy about the email).
Sample subject lines that we have seen in our Threat Operations Center include:
You Have A Package!!!
Tracking N <fake tracking number>
Volumes have been pretty high as we have seen over 21M of these fakes hit our systems within the last 24 hours, accounting for about 80% of all of the email borne malware that we have seen over that same period.
It's times like this that we are reminded that although many of the large scale malware campaigns that we now see are hosted on infected web sites, static malware distributed over email is still an active, viable tactic being employed by cyber criminals.
Posted by smasiello at 10:37 AM | Link | 2 comments
Comments
Re: Fake FedEx Email Borne Malware Alert
I've received a fraud Email using your name. Please sdvise where to Email the copy. My home phone #(520) 573-6580. Please advise.
Posted by Jacob Tedla on September 14, 2008 at 10:21 AM
Re: Fake FedEx Email Borne Malware Alert
I have received a fake email, where could I forward it to you so you could investigate it. It hurts the company name. This has got to be mail fraud!!!
Posted by Mark Braun on November 10, 2008 at 4:28 PM
