I just received an email message that, at first glance, looked like it came from account@FedEx.com (the sender had altered their URL, which is called spoofing). I was immediately suspicious, and didn’t click the embedded link they’d warned me to check out.
Here are five reasons why I Shift+Deleted this message (holding down the Shift key when you press Delete bypasses the Deleted Items folder in Outlook. The message leaves my computer permanently).
- Salutation. They didn’t address me by name or company. Instead, it read “Greetings from FedEx!”.
- Hyperlink. The URL they wanted me to click wasn’t fedex.com. Instead, it started with “http://www.netkreds…”
- Junk Folder. Outlook had detected it as spam and sent it to the junk folder. I’m a FedEx customer and receive emails from them every month, so Outlook should have recognized them.
- Certain words. The message included the words, “personal information.” My radar went way up when I saw that and thought phishing (a way of attempting to acquire sensitive information such as usernames and credit card details by masquerading as a legitimate entity).
- Grammar. The message had bad grammar and punctuation. I think better of the real FedEx.com, and didn’t think they’d send a message like this.
Here is the full message. I’ve indicated the grammar in question by marketing it red.
“During our regularly scheduled account maintenance and verification procedures, we have detected a slight error in your account information. This might be due to either of the following reasons:
1. A recent updates in our SSL server ( Due to slightly problem ) 2. A recent change in your personal information ( i.e. change of address).
Please update and verify your information by clicking or enter the following URL in your browser: ….
If your account information is not updated within 48 hours then your ability to access your account will become restricted.
This message was created by FedEx Webship/Corporateship, a product of FedEx, at the request of the sender. No authentication of email addresses has been performed.
(Please do not reply to this email address since it is not monitored for responses).”
Report to FedEx?
I won’t bother to try to figure out how to report this to FedEx. They’ve probably already received a gazillion alerts and are already on top of it. If this were from someone I knew personally, I’d let them know.
Be careful out there. Keep an eye out for these five attributes in a message that just doesn’t feel right.