Email Security Blog

Fresh Phish: Catch of the Day: Today's Flavor is FedEx Tracking


Product placement in the movies and on TV has been with us from the early days. It used to be extremely overt and in your face. Much like phishing attacks, product placement has grown more covert. It still exists but is subtler: it implants itself in our subconscious and is cleverly woven into story lines and subplots without us knowing it’s there. Our subconscious is exactly where cyber criminals often set their phishing trap.

One particular product placement came to mind when INKY pulled this FedEx-flavored catch of the day out of the digital depths. Remember Cast Away with Tom Hanks? That whole movie was basically an advertisement for FedEx and Wilson volleyballs, and you may not have even noticed.

Today’s attempt to bait an employee failed to fool INKY (as they all do), but, as in many brand forgery attempts, the attacker took the time to perfectly mimic a legitimate FedEx tracking notification.

Phishing Catch of the Day - FedEx_1

Note the logo and fonts. There is even a little graphic letting you know that your package is on the way. It’s well presented, isn’t it? With so many of us shopping online these days, clicking to see when delivery is expected isn’t out of the question.

That’s what you and I see, though. What INKY spotted speaks to her unprecedented vision and relentless nature:

Phishing Catch of the Day - FedEx_2

Let’s break this phishing email down:

  • Danger! INKY thinks this message looks dangerous: after evaluating the domain that the message came from, INKY is convinced that you shouldn’t trust it.
  • Potential Sender Forgery: Not only has INKY realized that the domain is suspicious, but she is also able to assess that the sender is likely not a representative of FedEx.
  • Possible Brand Impersonation: INKY has used her computer vision to ascertain that the graphics in this email are not legitimate but rather clever recreations, and that the domain is not one of FedEx’s.
  • Phishing Content: INKY provides the recipient with context for the phishing attack, explaining that it’s likely trying to trick you into doing something dangerous.

And guess what? She’s right! Clicking on the tracking number takes the recipient to a phishing site where the attackers are looking to gather sensitive data or install malware.
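The sender-domain and tracking-link mismatches described above can be approximated with a simple check. This is an added example, not INKY's implementation: the brand allowlist, function names, and sample messages are assumptions constructed for illustration, and it handles only single-part HTML messages.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains each brand legitimately sends from and links to.
BRAND_DOMAINS = {"fedex": {"fedex.com"}}

class LinkHosts(HTMLParser):
    """Collect the hostname of every <a href> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        host = urlsplit(dict(attrs).get("href") or "").hostname
        if tag == "a" and host:
            self.hosts.append(host.lower())

def belongs_to(host, domains):
    # Exact match or true subdomain; "fedex.com.evil.example" does not pass.
    return any(host == d or host.endswith("." + d) for d in domains)

def brand_mismatch(raw):
    """Return (kind, brand, host) findings for a single-part HTML message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender = addr.rpartition("@")[2].lower()
    body = msg.get_payload()
    links = LinkHosts()
    links.feed(body)
    text = " ".join([display, msg.get("Subject", ""), body]).lower()
    findings = []
    for brand, domains in BRAND_DOMAINS.items():
        if brand not in text:
            continue  # message does not invoke this brand
        if not belongs_to(sender, domains):
            findings.append(("sender", brand, sender))
        findings += [("link", brand, h) for h in links.hosts
                     if not belongs_to(h, domains)]
    return findings

# Constructed samples; the .example hosts are placeholders, not real indicators.
PHISH = ("From: FedEx Tracking <notify@shipping-updates.example>\n"
         "Subject: Your package is on the way\nContent-Type: text/html\n\n"
         '<p>FedEx</p><a href="https://track.parcel-status.example/t">7712</a>\n')
LEGIT = ("From: FedEx <tracking@fedex.com>\n"
         "Subject: Your package is on the way\nContent-Type: text/html\n\n"
         '<a href="https://www.fedex.com/fedextrack/">7712</a>\n')
```

The From header is not authenticated here, so a production filter would pair this check with SPF, DKIM, and DMARC results.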

Here is the thing: there is no reason to expose yourself or your organization to phishing attacks. INKY’s phish fence makes sure that when you receive a shipping notification, it’s actually a shipping notification. INKY annotates every email to ensure its fidelity and is loud about it when that fidelity is in question.

Contact us and we’ll have INKY active in an hour.