If you have received an email from FedEx recently, be careful before you do anything with it. It could be a fake email.
Symantec Security Response has observed that fake FedEx emails have been circulating. In a statement today, the security solutions provider said that users are asked to click on a link to print out a receipt in order to retrieve their parcel in person from the nearest FedEx office.
When unsuspecting users click on the link, they are greeted by a PostalReceipt.zip file containing malicious PostalReceipt.exe executable file. Instead of receiving a parcel, a malware Trojan.Smoaler is delivered to their computer.
According to Symantec, all the fake FedEx emails delivering this malware are almost identical except for the order numbers and the website the zip file is hosted on.
"One sign of laziness or perhaps an oversight on the part of the malware author, is the use of the same Order Date," said a Symantec spokesperson. "The author does change the domain where Trojan.Smoaler is hosted daily."
Symantec also said that FedEx has posted a warning on its website along with further information about online security.
Sign up for CIO Asia eNewsletters.