SCAM ALERT: Beware of emails “from” FedEx, UPS, USPS, and online retailers

During the holiday season, email phishing and malware scams dramatically escalate. Nearly everyone is shipping packages, expecting packages, or tracking deliveries. It’s a golden opportunity for con artists to hoodwink you into clicking on a link in a seemingly legitimate email.

Here’s one we received at our Medford store, just this morning:

Fake FedEx delivery failure notice
Scan suspicious emails for misspelled words or mangled syntax (like the first sentence in this one).

On the surface, it looks legit—until you examine more closely. Vigilance is key. The whole point of these scam emails is to trick you into clicking on their link. Once you do, it could enable the installation of malware, or the ransom of your computer’s hard drive, or identity theft—or a combination of these.

Let’s take a closer look at this email, while carefully avoiding actually clicking that link. First, examine the return address. Here’s what it looked like in our email:

Detail of suspicious return address on fake FedEx scam email

We’re pretty sure the FedEx email system doesn’t originate out of something called “hindquarterly.com.” Now let’s see where that link would take us, if we were to actually click on it. You can do this by hovering your computer’s cursor over the link. Soon, it will reveal its true nature:

Detail of actual link destination for fake FedEx email scam

It’s obviously not going to take you to anything having to do with FedEx. In fact, the .eu domain indicates it’s of European origin, but even that could be completely falsified.

So practice safe computing this holiday season (and all year long). Remember the following:

  • FedEx, UPS, and USPS never send unsolicited emails. Instead, shipping companies will call you or leave a tag on the door.
  • Learn to spot fraudulent emails and websites.
  • Anti-virus or security software doesn’t guarantee scam emails can’t hurt you.
  • Keep your login info and passwords for shipping company sites safe and secure.
  • Also safeguard your FedEx, UPS, and USPS account numbers.
  • Exercise caution with public computers, which can cache personal data and login details. Be sure to completely log off any sites, and to clear the browser’s cache before leaving.
  • Learn to recognize common warning signs of online scams:
    • Unexpected requests for money in return for delivery of a package, often with a sense of urgency.
    • Requests for personal and/or financial information.
    • Links to misspelled or slightly altered Web-site addresses (fedx.com, fed-ex.com, etc.)
    • Spelling and grammatical errors or excessive use of capitalization and exclamation points.
    • Claims that you have won a large sum of money in a lottery or settlement.
    • Certificate errors or lack of SSL for sensitive activities.
  • If you’re still not sure if the email is fake or legitimate, try replying to it. Most companies will issue an automatic reply back, informing you the email address is not monitored. If you get a human response, it’s almost certainly a scam.
  • The point of scam emails is to get you to click on a link. Don’t click on anything until you know exactly where it will take you.

We want our customers—and their computers—to enjoy a safe and relaxing holiday season. With a little bit of heightened attention, you can prevent security breaches and all the heartache that can bring.