The FEDEX SCAM

The FedEx Scam is a phishing or social engineering scheme where scammers impersonate FedEx or other courier services (DHL, BlueDart, Professional, DTDC etc) to trick victims into sharing personal or financial information. Here’s a typical script used in such scams:

Phase 1: Initial Contact

Medium: Email, SMS, or phone call. Most popular is phone call.

Content:

• Email/SMS Example: Subject: Delivery Notification - Action Required Dear [Recipient's Name], Your package is on hold due to incorrect address information. Please verify your details to ensure timely delivery. Click here to update your information: [Malicious Link] Thank you for choosing FedEx!
• Phone Call Example: Caller: “Hello, this is [fake name] from FedEx. We’re calling about a package addressed to you. There seems to be an issue with delivery. Could you confirm your address and provide payment details for re-delivery fees?”

Phase 2: Hooking the Victim

• The scammer pressures the victim with urgency:
  • “If you don’t act within 24 hours, your package will be returned or discarded.”
  • “Additional fees may apply if the issue is not resolved immediately.”
• They may ask the victim to:
  • Provide personal information like their address or phone number.
  • Pay a “delivery fee” via a phishing link or share credit card details.
  • Download a document or app that installs malware.

Phase 3: Exploitation

• If the victim provides personal or financial information, it’s used for identity theft or fraud.
• Clicking on malicious links may lead to phishing websites that steal login credentials or install malware.
• Fake payment processing leads to unauthorized transactions.

Red Flags

• Unexpected communication about a package you weren’t expecting.
• Grammatical errors or unprofessional tone in emails or SMS.
• Links that lead to unfamiliar or suspicious websites.
• Requests for personal or financial information.

How to Identify and Avoid the Scam

• Verify Directly:
  • Contact FedEx or the courier service directly using their official website or customer service number.
  • Track packages on the official site only.
• Examine the Message:
  • Check for grammatical or spelling errors.
  • Look at the sender’s email domain or SMS sender ID (e.g., official FedEx emails will end with “@fedex.com”).
• Do Not Click Links:
  • Avoid clicking on links in unsolicited emails or SMS.
  • Instead, visit the courier’s official website.
• Do Not Share Information:
  • Never share personal details or payment information over unsolicited calls, emails, or SMS.
• Use Security Tools:
  • Keep antivirus software updated to detect and block malicious links or downloads.
  • Enable two-factor authentication for financial and online accounts.
• Check for Scams in ScamYodha with phone number/emailid of sender or keyword search

The Next Step – Report the Scam

1. To FedEx:

• Email: Forward the phishing email to abuse@fedex.com.
• Website: Report the scam through the Fraud Reporting Page.

2. To Local Authorities:

• File a complaint with the Cyber Crime Cell in your city or state.
• Use the Indian government’s official cybercrime portal: Cyber Crime Reporting Portal.

3. To Your Bank:

• If financial details were shared, immediately contact your bank to freeze your account or block your card.
• Monitor your account for unauthorized transactions.

4. To CERT-In (India’s Computer Emergency Response Team):

• Report scams at CERT-In.

5. To Anti-Phishing Platforms:

• Report the scam in ScamYodha website https://www.scamyodha.com/

Soja Sam