Beware: Fake FedEx Text Alerts and Emails Used in New Scam

An awful lot of spam is making the rounds, both in email and mobile text format. With an average of 300 billion emails being sent daily and the majority being spam with unsolicited or malicious content, it is a very serious issue. With so much of it going around, it is no wonder that there are bad actors out there who pretend they represent huge corporations and household names. FedEx, the shipping and delivery company, happens to be among those names.

In early 2020, there were reports of suspicious text messages that claimed the recipient had a package being delivered by FedEx, with a link in the text that is supposedly used to "set delivery preferences." The unsolicited text messages use that link to take the victim to a fake Amazon product page, asking for a survey to be filled out. The pre-survey message box claims that the victim will receive a "at least $100" reward for completing the survey. Once the survey is complete, the victim is presented with a payment screen that asks for credit card information, promising the survey reward for free but asking for a "shipping and handling" fee of a few dollars.

Bogus FedEx Emails and Text Messages Look Fake to Some

One of the many fake FedEx emails circulating looks similar to the 'Figure 1' image below. Several giveaway signs (like grammatical errors) indicate the message is bogus, but not everyone will notice them. For instance, below the confirmation button, there is a large paragraph of small-type text that explains you are not just paying for this one-time thing but will be charged the product's full price within 14 days unless you cancel by phone call and then you'd be automatically subscribed for recurring monthly orders and payments.

There are a lot of things that should serve as red flags and stop the victim long before they sink neck-deep. The first and most obvious one would be that FedEx will never make unexpected requests for money to deliver any item, much less dig for unsolicited personal information via mobile text. The company actually has a page on its own website to help people detect this sort of scam and avoid it as best they can.

Figure 1. - Bogus FedEx email example image - Source: ConsumerAffairs.com

Another very obvious hint that something is very wrong with the original scam message text is the URL the victim is expected to tap - "d8erz dot info" doesn't exactly look like a domain name associated with FedEx. Additionally, the very first page you see upon tapping the fake link to allegedly "set delivery preferences" is a fake Amazon page, which should also trigger some sort of red light.

FedEx has had its name used in a number of malicious campaigns in the past. There have been multiple spam email campaigns where fake emails with poor grammar and spelling errors. The move to mobile messaging seems like a modern extension of those old email scams. Unfortunately, there is no foolproof method to avoid this FedEx name exploitation in various scams. Hence, users must be vigilant to protect themselves from such malicious schemes.