In December 2022, a FedEx email scam was going around that claimed to be a "package delivery notification" from the company, which said, "Your package is held in our warehouse." The scam was being sent around at the same time that people across the world were ordering and receiving packages for gift-giving holidays.
We previously looked at similar scams for UPS, the U.S. Postal Service (USPS), and other package delivery companies. In fact, one of our previous stories about a FedEx package delivery email scam was published a decade ago. Needless to say, scammers have been doing this for a long time.
The FedEx Scam Email
According to a copy of the FedEx email scam that we reviewed, the message came from firstname.lastname@example.org. This was not an official FedEx email address.
The message read as follows:
Your package delivery Notification ID#0164278468-735
'Fedex'⚡ email@example.com via walisdom.biz
Important Message for (name)
Your package delivery Notification
Your package is held in our warehouse
You have (1) package waiting for you in our warehouse, ready for delivery. Use your order number to track and receive your package!
TRACK YOUR PACKAGE
Expected delivery: 1 - 2 days
Investigating the Scam
The tracking number was real, but the package associated with it had already been delivered in April 2022. The scammers sent the email in the hope that people might click the link, not look up the tracking number.
We investigated the link in the email and found that it was a phishing scam, meaning that the scammers were looking to obtain personal information and financial data.
The link in the scam email led to the URL, storage.googleapis.com/pemotion/tixrin.html, which was followed by a long string of additional code that likely was for the scammers' own tracking purposes. Upon clicking on the URL, we were led to mooltay.com, then redirected to ponnel.com, a website that displayed an "Express" logo without the word "Federal" in front of it.
On the ponnel.com scam website, we were guided through a series of questions about the supposed package delivery issue. One step falsely claimed that there would be a $1.95 charge to release the nonexistent package from a customs distribution hub.
At the end of the steps, the ponnel.com website redirected to webwinnalists.com, a page that asked for personal information and a credit card number. We strongly advise against giving any of these websites your data.
Guidance from FedEx
On FedEx.com, one of the scams the company advises that its customers be on the lookout for was, "Unexpected requests for money in return for delivery of a package, often with a sense of urgency." That's exactly what this FedEx email scam for a "package delivery notification" was all about.
By email, FedEx shared the following statement with us:
FedEx does not send unsolicited text messages or emails to customers requesting money or package or personal information. Unfortunately, scammers often invoke the names of trusted brands when attempting to take advantage of the public and FedEx is one of many companies whose brand has been abused in this way. Any suspicious text messages or emails should be deleted without being opened and reported to firstname.lastname@example.org. For more tips on detecting online scams, visit the FedEx Customer Protection Center at https://www.fedex.com/us/security/prevent-fraud.
This story will be updated if further details come to light.
"Recognize & Report Fraud." FedEx.com, https://www.fedex.com/en-us/trust-center/report-fraud.html.