There is an awful lot of spam making the rounds, both in email and mobile text format. With an average of 300 billion emails being sent every day and the majority of those being spam that has unsolicited or malicious content, spam is a very serious issue. With so much of it going around, it is no wonder that there are bad actors out there who pretend they represent huge corporations and household names. FedEx happens to be among those names.
In early 2020 there have been reports of mobile texts that claim the recipient has a package being delivered by FedEx, with a link in the text that is supposedly used to "set delivery preferences". The fake texts use that link to take the victim to a fake Amazon product page, asking for a survey to be filled out. The pre-survey message box claims that the victim will receive a reward worth "at least $100" for completing the survey. Once the survey is over, the victim is presented with a payment screen that asks for credit card information, promising the survey reward for free but asking for a "shipping and handling" fee of a few dollars.
Bogus FedEx Emails and Text Messages Look Fake to Some
One of the many fake FedEx emails circulating looks similar to the 'Figure 1' image below. There are several giveaways to the message being bogus but not everyone will be so wise to notice. Below the confirmation button, there is a large paragraph of small-type text that explains you are actually not just paying for this one-time thing, but will be charged the product's full price within 14 days unless you cancel by phone call, then be automatically subscribed for recurring monthly orders and payments.
There are a lot of things that should serve as red flags and stop the victim long before they sink neck-deep. The first and most obvious one would be that FedEx will never make unexpected demands for extra payments for the delivery of any item, much less dig for unsolicited personal information via mobile text. The company actually has a page on its own website to help people detect this sort of scam and avoid it as best they can.
Figure 1. - Bogus FedEx email example image - Source: ConsumerAffairs.com
Another very obvious hint that something is very wrong with the original fake text is the URL the victim is expected to tap - "d8erz dot info" doesn't exactly look like a domain name associated with FedEx. Additionally, the very first page you see upon tapping the fake link to allegedly "set delivery preferences" is a fake Amazon page, which should also trigger some sort of red light.
FedEx has had its name used in a number of malicious campaigns in the past. There have been multiple spam email campaigns where fake emails with poor grammar and spelling were used. The move to mobile messaging seems like a modern extension of those old email scams.