How to Identify FedEx Email Scam

FedEx email scam tries to trick you into opening a dangerous email that pretends to be from FedEx but is actually from an email phishing scammer. If you click on a link in such an email your computer may get infected with a virus or malware.

The best protection against email phishing scams is understanding what they look like. Never click on any email links until you verify it is authentic.

Let's take a look at the following email to see why it is a FedEx email scam.

Example FedEx Email ScamExample FedEx Email Scam

This FedEx email scam claims that your package has been delivered. It has a tracking number, shipping date, delivery date and other information including:

  • Status (delivered)
  • Purchase order number
  • Reference number
  • Shipment ID
  • Service type
  • Packaging type
  • Recipient email
  • Weight

At first glance, it looks authentic.

Never, ever click on a link in an email until you are certain it is authentic. Spend a few seconds analyzing it to confirm it is real.

Let's take a closer look.


FedEx Email Scam Details

There are multiple areas of a potential scam email to examine. The more suspicious data points you find, the more likely it is indeed a FedEx email scam.


1) Email Header

Email header is the top section where the From:, Subject: and To: fields are.

Email header is easy to fake, you should never trust it.

There are obvious issues with the email header in this FedEx email scam:

  1. The From: email address doesn't look right. It should be more identifiable, for example it should have fedex.com as part of the address. Receiving a delivery email about your FedEx package from letterhead@esendsstrangeus.us is suspicious.

  2. The Subject: field also doesn't look right. What is "FedEx On Demand Delivery"? Deliveries are triggered by purchases. You don't just ask for a random "on-demand" delivery. This Subject: field doesn't look professional.

  3. Check that the To: email address is the one you usually use for online purchases.  Ideally, you should have a separate email address, or an alias, that you use only for e-commerce.

Remember, From:, Subject: and To: fields are easy to fake. Don't trust them if they are correct, but if they are obviously wrong the email may be a scam.


2) Tracking Number and Delivery Status

Let's look at the next set of information:

  • Tracking number
  • Delivery status
  • Shipment date
  • Delivery date

1) FedEx Tracking Number

The tracking number may or may not be real. The most common FedEx tracking number format seems to be 12 digits (XXXX XXXX XXXX) or 15 digits (XXXX XXXX XXXX XXX). It may also have 20 or 22 digits. This may or may not be country-specific.

The FedEx tracking number in this email has 15 digits. This doesn't give you enough information to conclude if it is real or not, because it doesn't look suspicious.

Do not click on the tracking number link!

Never click on any links or open any attachments in a suspicious email until you have done the investigation. Clicking on a link or opening an attachment may infect your computer with a virus or malware.

Instead, open your web browser and go to FedEx.com. Then manually type the tracking number in the FedEx.com "Tracking ID" search box yourself.

The search result may come back with an actual package information. But most likely, it will say "Not found". Either way, you have another data point.

"Not found" search result on FedEx.com points to a FedEx email scam.


2) Status: Delivered

The package was supposedly delivered. Were you expecting it? Did you get it?


3) Ship Date

If Tuesday is 03/13/2020 then Thursday (see Delivery Date) would be 03/15/2020 and not 03/17/2020.

Unless Delivery Date should be Saturday, 03/17/2020.

Also, 03/13/2020 is actually Friday.

It is unlikely FedEx makes such confusing mistakes.


4) Delivery Date

Did you purchase something that should get delivered on Thursday (or Saturday)?


3) Other Shipping Facts

So far in our detective work we have collected a few interesting data points. Let's continue our analysis, next is the FedEx logo and some other "shipment facts".


1) FedEx Logo

The FedEx logo looks official.


2) Shipment Facts

We already looked at the tracking number and delivery status, next are:

Purchase order number: Could be real. We don't know its format or length, so it doesn't give us any valuable information.

Reference number: Could be real. We don't know its format or length, so it doesn't give us any valuable information.

Shipment ID: Looks the same as the tracking number. "Shipment ID" sounds a bit awkward, but we can't conclude if it makes the email more or less authentic.

Service type: Could be real. "FedEx Home Delivery" sounds a bit strange, but maybe the FedEx marketing department renamed their products. We don't have enough information to conclude one way or the other.

Packaging type: Looks fine.

Recipient: Your email address. Check that it matches the email you usually use to make online purchases.

Weight: Could what you ordered weigh about 1.8 pounds?

Standard transit: Three days sounds reasonable.


4) Check Remote Content

If your email client is configured not to load any remote images without your consent (highly recommended), you can check manually where the remote images are located.

In Mozilla Thunderbird, this is done by clicking on the Options button. Your email client should have a similar button or control.

There is some content (images) that this email wants to load from fedex.com, that seems okay.

There is also some content it wants to load from esendsstrangeus.us, and that doesn't seem okay. Red flag and another pointer to a FedEx email scam.


5) Step Five

Let's check where the FedEx tracking number link points to.

If you hover your mouse over the tracking number link, you should see where it points to (see the bottom left corner on the above image).

In this case if you click on the tracking number link it would take you to some unknown website. If this was a real FedEx email, it would point to a location at fedex.com.

Take your time to read links very carefully. Links in scam emails often look like they are legitimate, but upon closer inspection you may notice a single character is misspelled in the domain name. If you just glance at it and click, you may get your computer infected with a virus or malware. Pay close attention when reading links.

But even if it pointed to fedex.com, unless you are 100% sure the email is from FedEx, you should not click on it. Instead, open your web browser and go to FedEx.com, then type in the tracking number in the "Tracking ID" search box yourself. This is much safer than clicking on a link.


6) Step Six

On the bottom of the email there is an unsubscribe link. That's a little strange, why would you unsubscribe from a one-time "your package is delivered" email? Hmm.

If you hover with your mouse over the unsubscribe link, it should show you where the link points to. In this case it points to some unknown website in Australia. That doesn't look right. Could this be because this is a FedEx email scam and not a real email from FedEx?


7) Subscribe Link

There is also a subscribe link. What would you subscribe to in this case? To receive more of "your package has been delivered" emails? For this package? For future packages?

You know from experience that "your packages has been delivered" emails are related to your online order. There is no newsletter to subscribe to. Each time you buy something online, you receive some informational FedEx emails about its delivery.

If you hover with your mouse over the subscribe link, it should show you where the link points to. In this case it points to some unknown email address. Don't click!

Another data point in your "this may be scam" scoresheet.


Conclusion

After our investigation we conclude that this email is a FedEx email scam because:

  1. It is from an unknown From: address
  2. Email Subject: looks a little suspicious
  3. You went to FedEx.com, typed in the tracking number, and it didn't find any
  4. Did you expect a package? Did you receive it?
  5. Shipping and delivery dates are out of whack and just don't add up
  6. Email wants to load remote content from esendsstrangeus.us
  7. Tracking number link points to some unknown and illegitimate website
  8. Unsubscribe link points to some unknown and illegitimate website
  9. Subscribe link points to an unknown and illegitimate email address

A good approach is to assume the email IS a FedEx email scam, and then look for proof that it is not. This will keep you on your toes, and you will be less likely to click on any links or email attachments.

Good luck in your email phishing scam hunting!

  1. Email Phishing Scams
  2. FedEx Email Scam