FedEx email scam tries to trick you into opening a dangerous email that pretends to be from FedEx but is actually from an email phishing scammer. If you click on a link in such an email your computer may get infected with a virus or malware.
The best protection against email phishing scams is understanding what they look like. Never click on any email links until you verify it is authentic.
Let's take a look at the following email to see why it is a FedEx email scam.
This FedEx email scam claims that your package has been delivered. It has a tracking number, shipping date, delivery date and other information including:
At first glance, it looks authentic.
Let's take a closer look.
There are multiple areas of a potential scam email to examine. The more suspicious data points you find, the more likely it is indeed a FedEx email scam.
Email header is the top section where the From:, Subject: and To: fields are.
Email header is easy to fake, you should never trust it.
There are obvious issues with the email header in this FedEx email scam:
Remember, From:, Subject: and To: fields are easy to fake. Don't trust them if they are correct, but if they are obviously wrong the email may be a scam.
Let's look at the next set of information:
1) FedEx Tracking Number
The tracking number may or may not be real. The most common FedEx tracking number format seems to be 12 digits (XXXX XXXX XXXX) or 15 digits (XXXX XXXX XXXX XXX). It may also have 20 or 22 digits. This may or may not be country-specific.
The FedEx tracking number in this email has 15 digits. This doesn't give you enough information to conclude if it is real or not, because it doesn't look suspicious.
Do not click on the tracking number link!
Instead, open your web browser and go to FedEx.com. Then manually type the tracking number in the FedEx.com "Tracking ID" search box yourself.
The search result may come back with an actual package information. But most likely, it will say "Not found". Either way, you have another data point.
"Not found" search result on FedEx.com points to a FedEx email scam.
2) Status: Delivered
The package was supposedly delivered. Were you expecting it? Did you get it?
3) Ship Date
If Tuesday is 03/13/2020 then Thursday (see Delivery Date) would be 03/15/2020 and not 03/17/2020.
Unless Delivery Date should be Saturday, 03/17/2020.
Also, 03/13/2020 is actually Friday.
It is unlikely FedEx makes such confusing mistakes.
4) Delivery Date
Did you purchase something that should get delivered on Thursday (or Saturday)?
So far in our detective work we have collected a few interesting data points. Let's continue our analysis, next is the FedEx logo and some other "shipment facts".
1) FedEx Logo
The FedEx logo looks official.
2) Shipment Facts
We already looked at the tracking number and delivery status, next are:
Purchase order number: Could be real. We don't know its format or length, so it doesn't give us any valuable information.
Reference number: Could be real. We don't know its format or length, so it doesn't give us any valuable information.
Shipment ID: Looks the same as the tracking number. "Shipment ID" sounds a bit awkward, but we can't conclude if it makes the email more or less authentic.
Service type: Could be real. "FedEx Home Delivery" sounds a bit strange, but maybe the FedEx marketing department renamed their products. We don't have enough information to conclude one way or the other.
Packaging type: Looks fine.
Recipient: Your email address. Check that it matches the email you usually use to make online purchases.
Weight: Could what you ordered weigh about 1.8 pounds?
Standard transit: Three days sounds reasonable.
If your email client is configured not to load any remote images without your consent (highly recommended), you can check manually where the remote images are located.
In Mozilla Thunderbird, this is done by clicking on the Options button. Your email client should have a similar button or control.
There is some content (images) that this email wants to load from fedex.com, that seems okay.
There is also some content it wants to load from esendsstrangeus.us, and that doesn't seem okay. Red flag and another pointer to a FedEx email scam.
Let's check where the FedEx tracking number link points to.
If you hover your mouse over the tracking number link, you should see where it points to (see the bottom left corner on the above image).
In this case if you click on the tracking number link it would take you to some unknown website. If this was a real FedEx email, it would point to a location at fedex.com.
But even if it pointed to fedex.com, unless you are 100% sure the email is from FedEx, you should not click on it. Instead, open your web browser and go to FedEx.com, then type in the tracking number in the "Tracking ID" search box yourself. This is much safer than clicking on a link.
On the bottom of the email there is an unsubscribe link. That's a little strange, why would you unsubscribe from a one-time "your package is delivered" email? Hmm.
If you hover with your mouse over the unsubscribe link, it should show you where the link points to. In this case it points to some unknown website in Australia. That doesn't look right. Could this be because this is a FedEx email scam and not a real email from FedEx?
There is also a subscribe link. What would you subscribe to in this case? To receive more of "your package has been delivered" emails? For this package? For future packages?
You know from experience that "your packages has been delivered" emails are related to your online order. There is no newsletter to subscribe to. Each time you buy something online, you receive some informational FedEx emails about its delivery.
If you hover with your mouse over the subscribe link, it should
show you where the link points to. In this case it points to some
unknown email address. Don't click!
Another data point in your "this may be scam" scoresheet.
After our investigation we conclude that this email is a FedEx email scam because:
A good approach is to assume the email IS a FedEx email scam, and then look for proof that it is not. This will keep you on your toes, and you will be less likely to click on any links or email attachments.
Good luck in your email phishing scam hunting!