FedEx and UPS phishing scams are becoming more widespread - here's what to know

(Image credit: Shutterstock)

Cybersecurity researchers from Abnormal security have warned of a new phishing campaign in which the threat actors impersonated UPS and FedEx, and sought to steal people’s sensitive and payment data.

This would be nothing out of the ordinary if the campaign didn’t have an “impressive level of impersonation”, and if the emails being distributed weren’t “especially convincing.”

In a detailed analysis posted on Abnormal’s blog, the company explained that on the surface, this phishing campaign doesn’t differ much from what we’ve seen so far. The attackers impersonate the shipping companies, and tell their victims that they have a parcel either en-route or unable to be delivered.

"Remarkable level of detail"

The scammers then invite the victims, via a link in the email, to resolve the issue quickly - by sharing their personal and payment data, and in some cases - to even make small payments. Those that fall for the ruse have their information stolen, which the attackers can then either sell on the black market, or use for more disruptive attacks. 

Since this time around payment data is also being grabbed, chances are that hackers could try to empty the pockets of organizations around the world, as well. 

But this campaign is different, since the attackers really went the extra mile to convince their victims they were legitimate. 

“Bogus shipping notifications of the past often contained minimal text, limited formatting, and little to no mimicked branding beyond perhaps a single logo,” the researchers explained. “These campaigns, on the other hand, include a remarkable level of detail and incorporate the impersonated carrier’s branding into not only the initial messages but also the multi-step phishing sites. Additionally, from a grammar, spelling, and syntax standpoint, the text of the emails is essentially flawless.”

Either the attackers tried really hard, or they found a new, “particularly sophisticated” phishing-as-a-service kits somewhere on the dark web. Time will tell.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.