FedEx phishing

Discussion in 'Phishing' started by xmanhere, Apr 5, 2011.

  1. xmanhere

    xmanhere Ninja

    FedEx system notification
    From FedEx
    Return-Path: <18infov@fedex.com>
    Date: Tue, 05 Apr 2011
    Reply-To: "FedEx" <18infov@fedex.com>
    From: "FedEx" <18infov@fedex.com>
    Message contains attachments1 File (7KB)(Virus)
    198.47.214.204 Unknown Unknown Unknown

    Dear customer

    The parcel was sent your home adress And it will arrive within 10 business days

    More information and the tracking number are attached in document below.

    Thank You

    © FedEx 1995-2011

    also
    FedEx system notification
    Return-Path: <84infotmkif@fedex.com>
    Date: Tue, 05 Apr 2011
    From: "FedEx" <84infotmkif@fedex.com>
    To: <kdmtar@yahoo.com>
    Subject: FedEx system notification
    52.185.247.114 E.I. du Pont de Nemours and Co. Wilmington United States
    4.226.150.54 Level 3 Communications Cleveland United States

    Dear customer

    The parcel was sent your home adress And it will arrive within 10 business days

    More information and the tracking number are attached in document below.

    Thank You

    © FedEx 1995-2011

    and

    FedEx system notification
    Return-Path: <43infoqqbid@fedex.com>
    Date: Tue, 05 Apr 2011 02:30:10 +0400
    From: "FedEx" <43infoqqbid@fedex.com>
    Subject: FedEx system notification
    51.159.153.234 UK Government Department for Work and Pensions n/a Great Britain
    95.24.192.173 Investelektrosviaz Ltd. n/a Russian Federation
    Return-Path: <43infoqqbid@fedex.com>
    Date: Tue, 05 Apr 2011
    From: "FedEx" <43infoqqbid@fedex.com>
    Subject: FedEx system notification
    Message contains attachments1 File (7KB)FedEx.zipCompact (Virus) Headers

    Dear customer

    The parcel was sent your home adress And it will arrive within 10 business days

    More information and the tracking number are attached in document below.

    Thank You

    © FedEx 1995-2011
     
  2. Yasir

    Yasir New Member

    Federal Express Canada Ltd.

    FedEx www.fedex.com
    Federal Express
    tracking numbers
    # 417882
    The parcel was sent your home adress.
    And it will arrive within 5 buisness days.

    More information and the parcel tracking number are attached in document below.

    Thank you

    Federal Express Canada Ltd. and FedEx. All rights reserved.© 1995-2011 FedEx
     
  3. Jessica

    Jessica Administrator Staff Member

    From FedEx system
    Return-Path: <info521060@fedex.com>
    Received: from 141.85.254.57, Romania, "Politehnica" University of Bucharest
    Date: Tue, 17 May 2011
    From: "FedEx system" <info521060@fedex.com>
    Message contains attachments
    1 File (8KB)

    * FedEx mail.zipFedEx mail.zip

    May 2011
    FedEx www . fedex . com
    Federal Express
    tracking numbers
    # 4827680

    The parcel was sent your home adress. And it will arrive within 5 buisness days.

    More information and the parcel tracking number are attached in document below.

    Thank you

    Federal Express Canada Ltd. and FedEx. All rights reserved.© 1995-2011 FedEx
     
  4. guest

    guest Guest

    We are clean now

    We had an infected PC, which was cleaned.
    All is OK now, our server is not an "open relay", and it doesn't send spam.
    Thank you.
     
  5. Sphinx

    Sphinx Administrator Staff Member

    It doesn't matter whether you have an open relay or not. Someone used your server to send a phishing mail.
     
  6. guest

    guest Guest

    141.85.254.57 is safe

    Hello,

    I'm one of the sysadmins of 141.85.254.57 (alpha.imag.pub.ro).
    Please be so kind as to remove our IP from the blacklist.
    The problem was in May 2011, when a XP computer on the network got infected. This infected computer was sending the virus traffic.
    I personally formatted the hard drive and now all is clean. I checked also the other computers (all the computers are seen from outside with the same IP, the one of the Linux server).
    So, again, please be so kind as to remove our IP, 141.85.254.57, from the blacklist.

    Thank you very much,
    dr.ing. Serban OPRISESCU,
    Image Processing and Analysis Laboratory,
    University POLITEHNICA from Bucharest,
    ROMANIA
     
  7. Hua Mulan

    Hua Mulan Administrator Staff Member

    We don't have a blacklist.
     
  8. Deepdave

    Deepdave Guest

    FedEx, 2012

    I got this a couple days ago. I'm not expecting any packages and there was no notice at my house. Is it a known scam ploy ? It has an attachment (FedEx_Inv...zip
    Download(40.4 KB)) that I did not open. thanks

    USPS Invoice copy NO#3906‏

    FedEx Customer Service FedEx Customer [Serviceyour-information@fedex.com]

    From: FedEx Customer Service (your-information@fedex.com)
    Sent: Tue 1/31/12 1:53 PM

    Notice,

    Your package has been returned to the FedEx office.
    The reason of the return is - Error in the delivery address.
    Please print out the invoice copy attached and collect the package at our office.

    FedEx Global Mail.
     
  9. Dick H Box

    Dick H Box Samurai

    SCAM - PROBABLE MALWARE - DO NOT OPEN THE ATTACHMENT

    Yes, it's a scam, & the attachment is very likely to be malware. It's a known ploy to insert a Trojan onto your box, which will then install botware, or a key-logger, or some other horror that you don't want.
     
  10. carmenl85

    carmenl85 Guest

    I got the same email today... Thankfully i had some doubt about it and did not opened it.
     
  11. Jessica

    Jessica Administrator Staff Member

    From FedEx Service
    Return-Path: <_www@mail.my303.com>
    Received: from 206.124.23.20, United States, Denver, Forethought.net
    Subject: Fedex Tracking number NO#6417
    From: "FedEx Service" <our.customers@fedex.com>
    Reply-To: "FedEx Service" <our.customers@fedex.com>
    Date: Fri, 17 Feb 2012
    Invoice_ID48154.zip

    Your package has been returned to the FedEx office.

    The reason of the return is - Error in the delivery address.

    Please print out the invoice copy attached and collect the package at our office.

    FedEx Global Services.
     
  12. victorviolet

    victorviolet Guest

    When I got this in my inbox (on Feb 11th), I was automatically suspicious, however, I'm expecting a package so I opened it.

    The attached zip contains an .exe file, likely a trojan or similar. I'm not sure since I run Linux, and therefore don't have to worry. Anyone getting this should be very cautious.

    Also the address it was from was "our-customers@fedex.com". The content was the same as the others.
     
  13. bpcmolmstead

    bpcmolmstead Guest

    abuse

    Track your shipment NO#7448
    From FedEx Information [customer-information@fedex.com]

    Invoice_ID57514.zip (55 KB)

    FedEx notice,

    Your package has been returned to the FedEx office. The reason of the return is - Error in the delivery address. Please print out the invoice copy attached and collect the package at our office.

    FedEx Customer Services
     
  14. Kat

    Kat Administrator Staff Member

    Zip file attached.

    From FedEx Express Services
    Return-Path: ~annesol@mw48.webservidor.net>
    Received: from 189.113.2.70, Sao Paulo, Brazil. Comite Gestor Da Internet No Brasil
    Subject: Your package is available for pickup
    From: "FedEx Express Services" ~customer-assistance@fedex.com>
    Reply-To: "FedEx Express Services" ~customer-assistance@fedex.com>
    Date: Sun, 19 Feb 2012

    FedEx notice,

    Your package has been returned to the FedEx office. The reason of the return is - Incorrect delivery address of the package. Please print out the invoice copy attached and collect the package at our office.

    FedEx Global.
     
  15. Dororo

    Dororo Administrator Staff Member

    From FedEx inc
    Return-Path: <thadlorett@fedex.com>
    Received: from 82.80.102.10, Israel, Tikva Bezeq International-ltd
    Date: Tue, 21 Feb 2012
    Reply-To: "FedEx inc" <ThadLorett@fedex.com>
    From: "FedEx inc" <ThadLorett@fedex.com>
    Subject: FedEx notification
    FedEx notification.zip

    Hello
    Unfortunately we have to notify you that your shipment with tracking number #3587775 has failed to be delivered due to missing address details. In order to provide the correct location or collect your parcel please fill out the attached document. Your FedEx express mail service.

    U.S. Customer Service
    1.800.Go.FedEx
    1.800.463.3339
    Printabl e Phone Menu

    FedEx Customer Relations
    3875 Airways, Module H3 Department 4634
    Memphis, TN 38116
     
  16. Shinobi_San

    Shinobi_San Guest

    I just got this email too... and am awaiting a package... just found this thread here and saw other peoples views on it, As i was expecting, i did open it, but I've never had to check for stuff like this on my mac before...

    nothings happened as yet, nothing opened when i opened the attachment, so i'm hoping that it might not have done anything.... but to be on the safe side, has anyone have a good recommendation of some free application to scan my mac with n' check?

    thanks in advance!
     
  17. Garreg Ddu

    Garreg Ddu Gweinyddwr Staff Member

    WARNING!!

    ANOTHER ATTEMPT TO INFECT WITH MALWARE

    THE ATTACHMENT TO THIS EMAIL HAS A VIRUS

    PLEASE DO NOT DOWNLOAD AND UNZIP AND RUN THE PROGRAM


    X-SID-PRA: FedEx Customer Service <provided@fedex.com> Probably a forged email address,

    Received: from h1825091.stratoserver.net ([85.214.59.237]) by COL0-MC4-F17.Col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900); Tue, 21 Feb 2012 14:23:55 -0800

    Origin IP Address = 85.214.59.237 = STRATO AG, Pascalstr. 10, D-10587 Berlin, Germany

    To:
    Subject: Track your parcel NO#2129
    From: "FedEx Customer Service" <provided@fedex.com>
    Reply-To: "FedEx Customer Service" <provided@fedex.com>
    Date: Tue, 21 Feb 2012 23:23:54 +0100
    Return-Path: <provided@fedex.com>


    With a warning from the Live Mail server:
    Attachment contains a virus
    An attachment to this message contains a virus and has been removed

    Invoice_ID167235.zip



    Notice,

    Your package has been returned to the FedEx office.
    The reason of the return is - Incorrect delivery address of the package.
    Please print out the invoice copy attached and collect the package at our office.

    FedEx Services.
     
  18. Garreg Ddu

    Garreg Ddu Gweinyddwr Staff Member

    And another one.

    VIRUS INFECTION - Fedex_Invoice_Copy_N45-67.zip !

    Please do not open this file.



    X-SID-PRA: Your FedEx <airfreight.service@fedex.com>

    Received: from daweb06.oxilion.nl ([93.186.177.132]) by SNT0-MC1-F3.Snt0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900);
    Sun, 11 Mar 2012 01:25:09 -0800

    Origin IP Address = 93.186.177.132 = Oxilion B.V., Postbus 757, 7500 AN Enschede, The Netherlands

    To:
    Subject: Track your shipment NO1443
    From: "Your FedEx" <airfreight.service@fedex.com>
    Reply-To: "Your FedEx" <airfreight.service@fedex.com>
    Date: Sun, 11 Mar 2012 10:25:08 +0100
    Return-Path: piet@daweb06.oxilion.nl


    Notice,

    Your package has been returned to the FedEx office.
    The reason of the return is - Error in the delivery address.
    Please print out the invoice copy attached and collect the package at our office.

    FedEx Global Services.
     
  19. Sapphire's Strike

    Sapphire's Strike Administrator Staff Member

    FedEx ®

    Received from: 1.9.1.9 - MALAYSIA, Pulau Pinang, Bukit Mertajam - Tmnet, Telekom Malaysia Bhd.
    Return-Path: [infoq@fedex.com]
    Date: Fri, 30 Mar 2012
    Reply-To: "FedEx service" [infoq@fedex.com]
    From: "FedEx service" [infoq@fedex.com]
    Subject: Parcel notification 757820


    FedEx ®

    Dear customer.

    The parcel was sent your home address.
    And it will arrive within 7 business day.

    More information and the tracking number are attached in document below.

    Thank you.
    bicueeahemegomeilynykuvuuiuduxowaeeuhyaumdxfezi bichekimecu
    Copyright © FedEx 1995-2012 aomtyucagejipbuypopiabuzykawyrwfaiabeutoxeawoysmwygji

    attachment - FedEx Report Zip - DO NOT OPEN - TROJAN VIRUS
     
  20. Sydniee

    Sydniee New Member

    Fraud?? subject: FEDEX Invoice Order 6015‏

    This is a fraudulent email right???? It was recieved in my spam folder which usually I would delete, but I have been making a lot of online purchases and so I wasn't so sure. :confused: Any thoughts?

    Email I received:
    -------------------------------------------------------------
    FEDEX Invoice Order 6015‏

    4/08/12

    [noparse]Reply ▼
    FedEx Express Add to contacts
    To [xxxxxxxxxx@live.com]
    From: FedEx Express (global@fedex.com)
    Sent: Sun 4/08/12 10:27 PM
    To: [xxxxxxxxxxxx@live.com]

    Always show content from [global@fedex.com]
    Hotmail Active View
    1 attachment (385.8 KB)

    Invoice_F...zip
    Download(385.8 KB)
    Download as zip
    Dear Customer,

    Your package has been returned to the FedEx office.
    The reason of the return is - Incorrect delivery address of the package.
    Please print out the invoice copy attached and collect the package at our office.

    FedEx Customer.
    ........thats end of email.....


    And then the following is from the message details:

    x-store-info:4r51+eLowCe79NzwdU2kR3P+ctWZsO+J
    Authentication-Results: hotmail.com; sender-id=none (sender IP is 81.169.146.215) header.from=global@fedex.com; dkim=none header.d=fedex.com; x-hmca=none
    X-SID-PRA: [global@fedex.com]
    X-SID-Result: None
    X-DKIM-Result: None
    X-Message-Status: n:0:n
    X-AUTH-Result: NONE
    X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MjtHRD0yO1NDTD02
    X-Message-Info: 11chDOWqoTnjDv0n+r5oSgy3S7bjJxJadMtPYN13+z0zEC2xvfczvM9LUMZ1Y+KF3EqcMAjtrgDKnHwgAYG3j3o4kmJxANaRpbu0m+jyf9NY0UlqgURNt4i0FySCdYGwNnn0UCK7Mw0=
    Received: from cg-p07-fb.rzone.de ([81.169.146.215]) by COL0-MC4-F17.Col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900);
    Sun, 8 Apr 2012 22:27:42 -0700
    Received: from cg-p07-ob.rzone.de (snori-cg-p07-ob.mail [192.168.63.61])
    by snori-fb-023.store (RZmta 28.7 OK) with ESMTP id i03defo380PZ0K
    for <sydniee@live.com>; Mon, 9 Apr 2012 06:57:25 +0200 (MEST)
    X-RZG-CLASS-ID: cg07
    Received: from quirke.store ([192.168.41.142])
    by snori-cg-011.store (RZmta 28.7 OK) with ESMTP id U04006o38IMvDx
    for <xxxxxxxxx@live.com>; Sun, 8 Apr 2012 22:57:05 +0200 (MEST)
    Received: (from Unknown UID 1334317@localhost)
    by post.webmailer.de (8.13.7/8.13.7) id q38Kv46s026692;
    Sun, 8 Apr 2012 20:57:04 GMT
    Date: Sun, 8 Apr 2012 20:57:04 GMT
    Message-Id: <201204082057.q38Kv46s026692@post.webmailer.de>
    To: [xxxxxxxxxxx@live.com]
    Subject: FEDEX Invoice Order 6015
    From: "FedEx Express" <global@fedex.com>
    X-Mailer: grasslandtromboneV8.75
    Reply-To: "FedEx Express" <global@fedex.com>
    Mime-Version: 1.0
    Content-Type: multipart/mixed;boundary="----------13339186244F81FBA08A4A2"
    X-RZG-SCRIPT: :fz1KJBj8Na2AXrl2N8BoNJOIwQZVa0Of59qbmn1xYfzbKGW0PuFg3lqvT182A7k8SQDFet4LvIrCbysh1WPTDGPkb8VHM3m+HJYLEHh6WgIGEUfz+Mb5w2U0lm3NNvt8ebip8cpyh0cZ6iOu5rTFQZixIOMzoL7dXw==
    Return-Path: postmaster+1334317@post.webmailer.de
    X-OriginalArrivalTime: 09 Apr 2012 05:27:43.0052 (UTC) FILETIME=[7CF860C0:01CD1611]

    ------------13339186244F81FBA08A4A2
    Content-Type: text/html;
    Content-Transfer-Encoding: 8bit

    Dear Customer, <BR>
    <BR>
    Your package has been returned to the FedEx office. <BR>
    The reason of the return is - Incorrect delivery address of the package. <BR>
    Please print out the invoice copy attached and collect the package at our office. <BR>
    <BR>
    FedEx Customer. <BR>

    ------------13339186244F81FBA08A4A2
    Content-Type: application/octet-stream;name="Invoice_FedEx_N435-754.zip"
    Content-Transfer-Encoding: base64
    Content-Disposition: attachment;filename="Invoice_FedEx_N435-754.zip[/noparse]
     
    Last edited by a moderator: Apr 9, 2012

Share This Page