How to recognize and prevent FedEx scams

How do FedEx scams work?

FedEx scams are usually based on messages that appear to be official FedEx communication. A scammer may claim to be contacting you to resolve an issue with an upcoming delivery. To add credibility to the fraud, scammers may use dupes of official FedEx branding or they may even share some personal information, like your home address or a fake shipment tracking code, to convince you that they are FedEx employees.

Once a scammer reaches you, they will ask you to take some sort of action. You may be prompted to provide sensitive data, like your Social Security number or credit card information, to confirm your identity, claim your package, or pay unexpected fees. In the case of a FedEx phishing email, you may be redirected to a fake login screen or a malicious website.

If you take the bait and interact with the scammer, you can open yourself up to various negative outcomes, including identity theft, compromised credit cards or bank accounts, and ransomware.

What are the signs of FedEx scams?

While criminals are constantly refining their tactics, you can learn more about the most common warning signs of FedEx scams:

• Urgency. Be wary of messages encouraging you to respond immediately to ensure delivery. Scammers often create a sense of urgency to make you act without thinking. Most FedEx scams become obvious if you stop and think critically about the situation, so criminals will do their best to get you to take action before you recognize the danger.
• Requests for personal information. Shipping and delivery services don’t ask for your personal information. Don’t share sensitive data like your Social Security number, bank account information, or credit card number with anyone claiming to be a FedEx courier.
• Unknown senders. Be on your guard if you receive calls, text messages, or emails from a sender who is not in your contacts.
• Incorrect email addresses. When dealing with a potential FedEx scam email, look carefully at the sender’s email address. Scammers may use domains with slight misspellings or extra characters, like @fedx.com or @fed_ex.com, to trick you into thinking that the email comes from FedEx.
• Suspicious links. Avoid clicking suspicious links. They may lead to a fake login page that steals your user ID and password or to a malicious website that downloads malware onto your device.
• Strange attachments. Avoid downloading attachments from emails that you do not recognize. They may contain viruses, spyware, or other forms of malware.
• Offers that are too good to be true. Sometimes scammers try to entice you with prepaid debit cards, prize money, or a check. If the offer seems too good to be true, it probably is.

If you encounter any of these warning signs, tread carefully. It may be a scam.

Common methods of FedEx scams

Because FedEx is such a well-known shipping company, scammers have developed a variety of techniques to trick you. It’s important to be aware of common types of FedEx scams. We’ll review the top scamming methods — phishing, smishing, IM messaging, and vishing — and also highlight some known FedEx phishing attacks.

Phishing emails

FedEx phishing emails are fraudulent emails designed to get you to divulge personal information or download malware onto your device. This email may come from an unknown email address or an email attempting to mimic FedEx’s domain. Scammers may even employ a technique called email spoofing to make the sender’s address look exactly like a legitimate FedEx email account.

A FedEx phishing email often copies FedEx branding, like color schemes and logos, and includes a fraudulent request for action like:

• Pending delivery
• Customs charges
• Address confirmation
• Shipping issues
• Redelivery fees

The email will then prompt you to follow a link to provide the relevant information. This link will send you to a malicious website that could:

• Collect payment information, like credit card numbers or bank account information, to “pay” fraudulent fees.
• Steal personal data like photo IDs, Social Security numbers, and home addresses.
• Download malware, such as a virus, ransomware, or spyware, to your device.

If you think you’ve encountered a FedEx phishing email, delete it immediately and block the sender. Do not click any links or download any attachments.

Smishing

Smishing is a form of phishing that uses text messages (SMS) to target victims. Many FedEx customers opt for delivery text notifications to stay on top of their packages, but bad actors can take advantage of this convenient form of tracking to steal their information.

Scammers send a text message claiming to be from FedEx delivery tracking, a FedEx courier, or another official channel. The message will request immediate action to resolve a delivery issue, such as an address confirmation, custom fee payment, or re-scheduled package delivery, and provide a link.

If you click the link, you enter the same territory as from a phishing email: a fake website where you may be instructed to share personal data or financial information.

If you see a smishing text, delete it and block the number. However, scammers typically use burner phones and change their phone numbers frequently, so they may try to contact you again.

Instant messaging (IM) attack

Instant messaging (IM) attacks take advantage of online messaging platforms like Facebook Messenger, WhatsApp, and Telegram. They work similarly to smishing attacks because they contain malicious links within a text message, only this time they are hosted on an application instead of using SMS.

Vishing

Vishing, or voice phishing, is a type of phishing that occurs over a phone call. While vishers often target elderly people, anyone can become a victim. Instead of trying to get you to click a link, scammers will talk to you. They use social engineering to convince you to share your personal data over the phone or wire money to a specific individual.

Fake emails and texts are easy to spot, but when a scammer has you on the phone, they can make an argument and allay your suspicions. FedEx vishers claim to be FedEx employees and often use pressure tactics to drive you to action.

If you’re unsure whether you are on the phone with a legitimate FedEx customer service representative, hang up and call FedEx’s official customer support number: 1-800-GoFedEx (1-800-463-3339).

Credit card fraud

Online shopping makes it easier than ever to commit credit card fraud. Scammers don’t need to physically have your card anymore. They just need the cardholder’s name, primary account number, expiration date, service code, and ZIP code.

Because of the ease of modern credit card fraud, many cybercriminals may be after your credit card information. Be wary of entering your credit card information into an unknown website and never share your credit card details over the phone. Check out our blog post on storing credit card information online for more tips on avoiding online credit card fraud.

Common types of FedEx scams

Now that you understand the different techniques FedEx scammers may use, it is important to be on the lookout for known FedEx scams.

Contact required scam

One of the most common FedEx-related cybercrimes is the contact-required scam. Scammers will send you either a phishing email or a smishing text asking you to contact them. These messages are typically vague in the hope that your innate curiosity will encourage you to reach out, either by clicking a malicious link or calling a phone number. Once you make contact, the cybercriminals will try to steal your financial information or sensitive data.

ATM card delivery scam

The ATM card delivery scam involves a message that FedEx is attempting to deliver an ATM card to you and you have to pay a holding fee to receive it. Sometimes the bad actor will claim they are returning a misplaced card, which can cause you to panic, thinking your ATM card was somehow lost or stolen. In other cases, it may be a new ATM card or even a prepaid debit card.

The ATM card delivery scam typically involves a phishing email that links to a page where you can confirm personal identification information like your name, mailing address, and mobile number and enter your credit card or bank account information to pay the holding fee. However, in reality, the ATM card doesn’t exist and the scammers just stole your data!

Bank draft or check scam

The bank draft or check scam is a strong example of a too-good-to-be-true offer. Victims will receive an email claiming to come from FedEx about a bank draft or certified check that it is trying to deliver to you. Sometimes, the scammers will go so far as to pretend to be distant family members, business associates, lottery officials, or other benefactors sending you money.

The email prompts you for your personal information and requests a small delivery fee payment to claim the money. If you take the bait, you will be redirected to a fake website where you will be asked to provide credit card or bank account information to pay the delivery fee and confirm your personal information. However, you will never receive the fake check, and your data will be compromised.

Fake delivery failure

If you are anxiously awaiting a FedEx package, you may be the perfect victim of the fake delivery failure scam. Scammers typically time this scam to coincide with high delivery periods, like the holiday season, and they don’t limit themselves to just one message. Instead, they send a series of messages with increasing urgency.

In the fake delivery failure scam, you will receive a text or email informing you that a FedEx delivery could not be completed. Cybercriminals often provide fake delivery ID numbers to add credibility to the ruse. You will then be prompted to click a link or download an attachment to get the invoice necessary to pick up the package in person. However, interacting with the link or attachment will download malware, such as spyware, ransomware, or other viruses, to your device.

Fake FedEx status changes

The fake FedEx status changes scam is similar to the fake delivery failure one because it weaponizes text-based delivery notifications to deceive individuals into clicking a malicious link, which could give cybercriminals access to your personal information or device.

What to do if you have fallen victim to a FedEx scam

If you have fallen victim to a FedEx scam, it is important to take action immediately to secure your money and prevent identity theft.

Follow these steps for reporting FedEx phishing emails and other scams:

1. If you were the victim of phishing emails, smishing, or an IM attack, take a screenshot of the message.
2. Then, flag the message as spam, block the sender, and delete the message.
3. Scan your device for malware. If you find any, quarantine and remove it.
4. If you shared your credit card information or bank details, contact your bank’s fraud department. They will open an investigation and advise you on the next steps, such as freezing accounts, issuing a new credit card, and/or blocking fraudulent charges.
5. If you have shared any passwords, like your FedEx account or online bank account passwords, change them.
6. Report the scam to FedEx customer support so that they can open an internal investigation.
7. Report the scam to the Federal Trade Commission (FTC) to protect others.
8. Over the next few months, monitor your bank accounts and credit reports to immediately detect any fraudulent action.
9. If you are concerned your identity might have been stolen, consider contacting a credit bureau to freeze your credit. Freezing your credit can be a little extreme, but if your Social Security number has been compromised, you should definitely take this step to detect and prevent identity theft.

Getting scammed can be scary, but staying calm and acting quickly can minimize your losses.

How to protect yourself from FedEx scams

The best way to protect yourself from FedEx scams is to develop strong personal cybersecurity practices to stop scams in their tracks before scammers get your information.

Stay aware of the latest scams and follow these tips:

• Contact FedEx directly. If you are unsure whether a FedEx message is legitimate, use official FedEx contact channels, such as their customer service phone number, 1-800-GoFedEx (1-800-463-3339).
• Verify the sender. Always verify the sender whenever you receive a strange email, text message, or phone call.
• Never share your personal or financial information. A FedEx employee will never ask for your Social Security number, credit card details, or passwords. If someone is asking for this kind of personal data, they are likely a scammer.
• Don’t click any links or download any attachments. If a message seems suspicious, don’t interact with it. Avoid strange links or attachments.
• Check for digital certification. If you click on a link, check your browser’s address bar for digital certification, which is often indicated by a lock icon. This lock icon means that your connection is secure and the website isn’t trying to steal your data.
• Log into the FedEx website directly. Instead of clicking a suspicious login link, always access your FedEx account by logging in through the FedEx website.
• Set strong passwords. Create unique, hard-to-guess passwords for your FedEx and online banking accounts that combine upper- and lowercase letters, numbers, and characters.
• Use a VPN. A virtual private network, or VPN, encrypts your online traffic to keep you safer when browsing the web, especially when you’re on public Wi-Fi. Some VPN services also offer enhanced anti-phishing software. For example, using NordVPN’s Threat Protection Pro™ is a great way to protect yourself from scams and other phishing attacks.