Beware the Fed-Ex Scam!

Yesterday I received a phone call from a client that said she had received an email from Fed-Ex with the subject line “Undeliverable Parcel Notification”.  She happened to have recently sent a Fed-Ex shipment so was concerned that it could not be delivered so she opened the email and clicked the link.  Windows immediately started popping up on her screen warning of virus infections and asking her to enable a security service. She was infected with a virus.

Many times these things can be easily resolved over the phone by instructing the client to go into safe mode with command prompt and running system restore.  In this case the virus had even managed to infect safe mode and she could not run system restore.  She couldn’t run anything from a USB drive or anything already installed on her computer.  More research and several phone calls later I decided it was best to visit the client armed with CD’s and USB drives loaded with anti-virus weaponry.

Several hours later I managed to get her computer restored and she was able to do her job.  It was one of the more difficult infections I’ve ever dealt with.

How do you protect yourself?

Obvious Visual Clues
First, you should be aware that malicious code can be in any email message.  You need to be watchful for clues that the message might not be something you want to deal with.  We all know to stay away from the messages advertising Viagra and Czech brides, but there are some less obvious clues.  One such clue is that the subject line or message do not make sense.  If you’ve never sent, or are not expecting a, Fed-Ex package then you should be very suspicious of the “Undeliverable Package” scam.  The nasty message my client received came at a very bad time since she had recently sent a package by Fed-Ex so it did seem legitimate for her.  If you don’t deal with a particular bank that just sent you a message about your account – send it to trash.  Many times you will receive messages with jumbled text or other language that does not make sense – send it to trash.  It is sad to say but these days it is necessary to train yourself to be suspicious of everything.

Links
If there is a link in the message you should make certain that the link is valid.  Many email programs will show you the URL of the link if you hover over it with your cursor.  At a quick glance you might think it’s a valid link but you should study it carefully – http://fed-ex.cz/… is not the same as http://fed-ex.com/…  or http://yourbank.customers.com/ is not the same as http://yourbank.com/customers. This is known as “Phishing”.  You can get more information on phishing from the Wiki located here.  Remember, the URL in the text of the message is not necessarily the URL that you will be taken to if you click the link.  Never click a suspicious link – send it to trash.  If you are unsure there is no harm in calling someone to make sure an email is legitimate.

Attachments
You should be very suspicious of attachments, even if they are from someone you know.  Messages can be received from a friend’s email address even though the friend did not send them.  This is the result of email hijacking.  Somehow the hijacker has gotten access to an email password, or is simply using that email address to to send messages.  If they have your password, most likely obtained through a phishing scheme (above), they can actually use your email account to send the messages.  Never open a suspicious attachment – send it to trash.  If you are not sure you can create a new message to the sender of the suspicious message asking if it’s safe – don’t reply to the original message since it might not go where you think.

Resources
If you are suspicious you can always do a search for the subject line or attachment name.  If a message is a scam then you will likely get lots of results.  Snopes.com is a great resource for determining what is a scam and what is not.

Many businesses state that they will never send you anything asking for personal information.  I checked with a friend of mine that is a Fed-Ex representative and he said that Fed-Ex will not send such messages.  They even have notices on their web site listing several scam messages being sent in their name.

The big “legitimate” message I want to leave you with is “When in doubt ask someone”.  I receive a few phone calls a month from clients that have received email messages that they are not sure about.  Most time they were right to call.

Have a great day!

Scott
Your Digital Coach