FedEx phishing

#1
FedEx system notification
From FedEx
Return-Path: <18infov@fedex.com>
Date: Tue, 05 Apr 2011
Reply-To: "FedEx" <18infov@fedex.com>
From: "FedEx" <18infov@fedex.com>
Message contains attachments1 File (7KB)(Virus)
198.47.214.204 Unknown Unknown Unknown

Dear customer

The parcel was sent your home adress And it will arrive within 10 business days

More information and the tracking number are attached in document below.

Thank You

© FedEx 1995-2011

also
FedEx system notification
Return-Path: <84infotmkif@fedex.com>
Date: Tue, 05 Apr 2011
From: "FedEx" <84infotmkif@fedex.com>
To: <kdmtar@yahoo.com>
Subject: FedEx system notification
52.185.247.114 E.I. du Pont de Nemours and Co. Wilmington United States
4.226.150.54 Level 3 Communications Cleveland United States

Dear customer

The parcel was sent your home adress And it will arrive within 10 business days

More information and the tracking number are attached in document below.

Thank You

© FedEx 1995-2011

and

FedEx system notification
Return-Path: <43infoqqbid@fedex.com>
Date: Tue, 05 Apr 2011 02:30:10 +0400
From: "FedEx" <43infoqqbid@fedex.com>
Subject: FedEx system notification
51.159.153.234 UK Government Department for Work and Pensions n/a Great Britain
95.24.192.173 Investelektrosviaz Ltd. n/a Russian Federation
Return-Path: <43infoqqbid@fedex.com>
Date: Tue, 05 Apr 2011
From: "FedEx" <43infoqqbid@fedex.com>
Subject: FedEx system notification
Message contains attachments1 File (7KB)FedEx.zipCompact (Virus) Headers

Dear customer

The parcel was sent your home adress And it will arrive within 10 business days

More information and the tracking number are attached in document below.

Thank You

© FedEx 1995-2011
 

Yasir

New Member
#2
Federal Express Canada Ltd.

FedEx www.fedex.com
Federal Express
tracking numbers
# 417882
The parcel was sent your home adress.
And it will arrive within 5 buisness days.

More information and the parcel tracking number are attached in document below.

Thank you

Federal Express Canada Ltd. and FedEx. All rights reserved.© 1995-2011 FedEx
 

Jessica

Administrator
Staff member
#3
From FedEx system
Return-Path: <info521060@fedex.com>
Received: from 141.85.254.57, Romania, "Politehnica" University of Bucharest
Date: Tue, 17 May 2011
From: "FedEx system" <info521060@fedex.com>
Message contains attachments
1 File (8KB)

* FedEx mail.zipFedEx mail.zip

May 2011
FedEx www . fedex . com
Federal Express
tracking numbers
# 4827680

The parcel was sent your home adress. And it will arrive within 5 buisness days.

More information and the parcel tracking number are attached in document below.

Thank you

Federal Express Canada Ltd. and FedEx. All rights reserved.© 1995-2011 FedEx
 
G

guest

Guest
#4
We are clean now

We had an infected PC, which was cleaned.
All is OK now, our server is not an "open relay", and it doesn't send spam.
Thank you.
 
G

guest

Guest
#6
141.85.254.57 is safe

Hello,

I'm one of the sysadmins of 141.85.254.57 (alpha.imag.pub.ro).
Please be so kind as to remove our IP from the blacklist.
The problem was in May 2011, when a XP computer on the network got infected. This infected computer was sending the virus traffic.
I personally formatted the hard drive and now all is clean. I checked also the other computers (all the computers are seen from outside with the same IP, the one of the Linux server).
So, again, please be so kind as to remove our IP, 141.85.254.57, from the blacklist.

Thank you very much,
dr.ing. Serban OPRISESCU,
Image Processing and Analysis Laboratory,
University POLITEHNICA from Bucharest,
ROMANIA
 
D

Deepdave

Guest
#8
FedEx, 2012

I got this a couple days ago. I'm not expecting any packages and there was no notice at my house. Is it a known scam ploy ? It has an attachment (FedEx_Inv...zip
Download(40.4 KB)) that I did not open. thanks

USPS Invoice copy NO#3906‏

FedEx Customer Service FedEx Customer [Serviceyour-information@fedex.com]

From: FedEx Customer Service (your-information@fedex.com)
Sent: Tue 1/31/12 1:53 PM

Notice,

Your package has been returned to the FedEx office.
The reason of the return is - Error in the delivery address.
Please print out the invoice copy attached and collect the package at our office.

FedEx Global Mail.
 
#9
SCAM - PROBABLE MALWARE - DO NOT OPEN THE ATTACHMENT

Yes, it's a scam, & the attachment is very likely to be malware. It's a known ploy to insert a Trojan onto your box, which will then install botware, or a key-logger, or some other horror that you don't want.
 

Jessica

Administrator
Staff member
#11
From FedEx Service
Return-Path: <_www@mail.my303.com>
Received: from 206.124.23.20, United States, Denver, Forethought.net
Subject: Fedex Tracking number NO#6417
From: "FedEx Service" <our.customers@fedex.com>
Reply-To: "FedEx Service" <our.customers@fedex.com>
Date: Fri, 17 Feb 2012
Invoice_ID48154.zip

Your package has been returned to the FedEx office.

The reason of the return is - Error in the delivery address.

Please print out the invoice copy attached and collect the package at our office.

FedEx Global Services.
 
V

victorviolet

Guest
#12
When I got this in my inbox (on Feb 11th), I was automatically suspicious, however, I'm expecting a package so I opened it.

The attached zip contains an .exe file, likely a trojan or similar. I'm not sure since I run Linux, and therefore don't have to worry. Anyone getting this should be very cautious.

Also the address it was from was "our-customers@fedex.com". The content was the same as the others.
 
B

bpcmolmstead

Guest
#13
abuse

Track your shipment NO#7448
From FedEx Information [customer-information@fedex.com]

Invoice_ID57514.zip (55 KB)

FedEx notice,

Your package has been returned to the FedEx office. The reason of the return is - Error in the delivery address. Please print out the invoice copy attached and collect the package at our office.

FedEx Customer Services
 

Kat

Administrator
Staff member
#14
Zip file attached.

From FedEx Express Services
Return-Path: ~annesol@mw48.webservidor.net>
Received: from 189.113.2.70, Sao Paulo, Brazil. Comite Gestor Da Internet No Brasil
Subject: Your package is available for pickup
From: "FedEx Express Services" ~customer-assistance@fedex.com>
Reply-To: "FedEx Express Services" ~customer-assistance@fedex.com>
Date: Sun, 19 Feb 2012

FedEx notice,

Your package has been returned to the FedEx office. The reason of the return is - Incorrect delivery address of the package. Please print out the invoice copy attached and collect the package at our office.

FedEx Global.
 

Dororo

Administrator
Staff member
#15
From FedEx inc
Return-Path: <thadlorett@fedex.com>
Received: from 82.80.102.10, Israel, Tikva Bezeq International-ltd
Date: Tue, 21 Feb 2012
Reply-To: "FedEx inc" <ThadLorett@fedex.com>
From: "FedEx inc" <ThadLorett@fedex.com>
Subject: FedEx notification
FedEx notification.zip

Hello
Unfortunately we have to notify you that your shipment with tracking number #3587775 has failed to be delivered due to missing address details. In order to provide the correct location or collect your parcel please fill out the attached document. Your FedEx express mail service.

U.S. Customer Service
1.800.Go.FedEx
1.800.463.3339
Printabl e Phone Menu

FedEx Customer Relations
3875 Airways, Module H3 Department 4634
Memphis, TN 38116
 
S

Shinobi_San

Guest
#16
I just got this email too... and am awaiting a package... just found this thread here and saw other peoples views on it, As i was expecting, i did open it, but I've never had to check for stuff like this on my mac before...

nothings happened as yet, nothing opened when i opened the attachment, so i'm hoping that it might not have done anything.... but to be on the safe side, has anyone have a good recommendation of some free application to scan my mac with n' check?

thanks in advance!
 

Garreg Ddu

Gweinyddwr
Staff member
#17
WARNING!!

ANOTHER ATTEMPT TO INFECT WITH MALWARE

THE ATTACHMENT TO THIS EMAIL HAS A VIRUS

PLEASE DO NOT DOWNLOAD AND UNZIP AND RUN THE PROGRAM

X-SID-PRA: FedEx Customer Service <provided@fedex.com> Probably a forged email address,

Received: from h1825091.stratoserver.net ([85.214.59.237]) by COL0-MC4-F17.Col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900); Tue, 21 Feb 2012 14:23:55 -0800

Origin IP Address = 85.214.59.237 = STRATO AG, Pascalstr. 10, D-10587 Berlin, Germany

To:
Subject: Track your parcel NO#2129
From: "FedEx Customer Service" <provided@fedex.com>
Reply-To: "FedEx Customer Service" <provided@fedex.com>
Date: Tue, 21 Feb 2012 23:23:54 +0100
Return-Path: <provided@fedex.com>


With a warning from the Live Mail server:
Attachment contains a virus
An attachment to this message contains a virus and has been removed

Invoice_ID167235.zip



Notice,

Your package has been returned to the FedEx office.
The reason of the return is - Incorrect delivery address of the package.
Please print out the invoice copy attached and collect the package at our office.

FedEx Services.
 

Garreg Ddu

Gweinyddwr
Staff member
#18
And another one.

VIRUS INFECTION - Fedex_Invoice_Copy_N45-67.zip !

Please do not open this file.



X-SID-PRA: Your FedEx <airfreight.service@fedex.com>

Received: from daweb06.oxilion.nl ([93.186.177.132]) by SNT0-MC1-F3.Snt0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900);
Sun, 11 Mar 2012 01:25:09 -0800

Origin IP Address = 93.186.177.132 = Oxilion B.V., Postbus 757, 7500 AN Enschede, The Netherlands

To:
Subject: Track your shipment NO1443
From: "Your FedEx" <airfreight.service@fedex.com>
Reply-To: "Your FedEx" <airfreight.service@fedex.com>
Date: Sun, 11 Mar 2012 10:25:08 +0100
Return-Path: piet@daweb06.oxilion.nl


Notice,

Your package has been returned to the FedEx office.
The reason of the return is - Error in the delivery address.
Please print out the invoice copy attached and collect the package at our office.

FedEx Global Services.
 

Sapphire's Strike

Administrator
Staff member
#19
FedEx ®

Received from: 1.9.1.9 - MALAYSIA, Pulau Pinang, Bukit Mertajam - Tmnet, Telekom Malaysia Bhd.
Return-Path: [infoq@fedex.com]
Date: Fri, 30 Mar 2012
Reply-To: "FedEx service" [infoq@fedex.com]
From: "FedEx service" [infoq@fedex.com]
Subject: Parcel notification 757820


FedEx ®

Dear customer.

The parcel was sent your home address.
And it will arrive within 7 business day.

More information and the tracking number are attached in document below.

Thank you.
bicueeahemegomeilynykuvuuiuduxowaeeuhyaumdxfezi bichekimecu
Copyright © FedEx 1995-2012 aomtyucagejipbuypopiabuzykawyrwfaiabeutoxeawoysmwygji

attachment - FedEx Report Zip - DO NOT OPEN - TROJAN VIRUS
 
#20
Fraud?? subject: FEDEX Invoice Order 6015‏

This is a fraudulent email right???? It was recieved in my spam folder which usually I would delete, but I have been making a lot of online purchases and so I wasn't so sure. :confused: Any thoughts?

Email I received:
-------------------------------------------------------------
FEDEX Invoice Order 6015‏

4/08/12

[noparse]Reply ▼
FedEx Express Add to contacts
To [xxxxxxxxxx@live.com]
From: FedEx Express (global@fedex.com)
Sent: Sun 4/08/12 10:27 PM
To: [xxxxxxxxxxxx@live.com]

Always show content from [global@fedex.com]
Hotmail Active View
1 attachment (385.8 KB)

Invoice_F...zip
Download(385.8 KB)
Download as zip
Dear Customer,

Your package has been returned to the FedEx office.
The reason of the return is - Incorrect delivery address of the package.
Please print out the invoice copy attached and collect the package at our office.

FedEx Customer.
........thats end of email.....


And then the following is from the message details:

x-store-info:4r51+eLowCe79NzwdU2kR3P+ctWZsO+J
Authentication-Results: hotmail.com; sender-id=none (sender IP is 81.169.146.215) header.from=global@fedex.com; dkim=none header.d=fedex.com; x-hmca=none
X-SID-PRA: [global@fedex.com]
X-SID-Result: None
X-DKIM-Result: None
X-Message-Status: n:0:n
X-AUTH-Result: NONE
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MjtHRD0yO1NDTD02
X-Message-Info: 11chDOWqoTnjDv0n+r5oSgy3S7bjJxJadMtPYN13+z0zEC2xvfczvM9LUMZ1Y+KF3EqcMAjtrgDKnHwgAYG3j3o4kmJxANaRpbu0m+jyf9NY0UlqgURNt4i0FySCdYGwNnn0UCK7Mw0=
Received: from cg-p07-fb.rzone.de ([81.169.146.215]) by COL0-MC4-F17.Col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900);
Sun, 8 Apr 2012 22:27:42 -0700
Received: from cg-p07-ob.rzone.de (snori-cg-p07-ob.mail [192.168.63.61])
by snori-fb-023.store (RZmta 28.7 OK) with ESMTP id i03defo380PZ0K
for <sydniee@live.com>; Mon, 9 Apr 2012 06:57:25 +0200 (MEST)
X-RZG-CLASS-ID: cg07
Received: from quirke.store ([192.168.41.142])
by snori-cg-011.store (RZmta 28.7 OK) with ESMTP id U04006o38IMvDx
for <xxxxxxxxx@live.com>; Sun, 8 Apr 2012 22:57:05 +0200 (MEST)
Received: (from Unknown UID 1334317@localhost)
by post.webmailer.de (8.13.7/8.13.7) id q38Kv46s026692;
Sun, 8 Apr 2012 20:57:04 GMT
Date: Sun, 8 Apr 2012 20:57:04 GMT
Message-Id: <201204082057.q38Kv46s026692@post.webmailer.de>
To: [xxxxxxxxxxx@live.com]
Subject: FEDEX Invoice Order 6015
From: "FedEx Express" <global@fedex.com>
X-Mailer: grasslandtromboneV8.75
Reply-To: "FedEx Express" <global@fedex.com>
Mime-Version: 1.0
Content-Type: multipart/mixed;boundary="----------13339186244F81FBA08A4A2"
X-RZG-SCRIPT: :fz1KJBj8Na2AXrl2N8BoNJOIwQZVa0Of59qbmn1xYfzbKGW0PuFg3lqvT182A7k8SQDFet4LvIrCbysh1WPTDGPkb8VHM3m+HJYLEHh6WgIGEUfz+Mb5w2U0lm3NNvt8ebip8cpyh0cZ6iOu5rTFQZixIOMzoL7dXw==
Return-Path: postmaster+1334317@post.webmailer.de
X-OriginalArrivalTime: 09 Apr 2012 05:27:43.0052 (UTC) FILETIME=[7CF860C0:01CD1611]

------------13339186244F81FBA08A4A2
Content-Type: text/html;
Content-Transfer-Encoding: 8bit

Dear Customer, <BR>
<BR>
Your package has been returned to the FedEx office. <BR>
The reason of the return is - Incorrect delivery address of the package. <BR>
Please print out the invoice copy attached and collect the package at our office. <BR>
<BR>
FedEx Customer. <BR>

------------13339186244F81FBA08A4A2
Content-Type: application/octet-stream;name="Invoice_FedEx_N435-754.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;filename="Invoice_FedEx_N435-754.zip[/noparse]
 
Last edited by a moderator:
Top