Thursday, March 22, 2012

FedEx or FauxEx?

I received this email yesterday. It didn't fool me for a second, but I suspect it did many others. Take a look and see if you notice anything wrong. (click on image to enlarge)

Where to start?

Since I've sent and received a fair number of FedEx packages over the years, there were a few things I noticed.

  1. I didn't order anything. And certainly nothing that would exceed the FedEx weight limit (150 lbs.).
  2. I wasn't expecting a shipment from anyone. I think if someone was sending me something weighing over 150 lbs., they'd give me some advanced warning. ("Hey, let me know when you get that refrigerator we overnighted to you.")
  3. The tracking number's wrong. FedEx uses a 15-digit number with no letters.
  4. There are no logos nor links within the email -- nothing to authenticate the source.
  5. The biggest clue of all -- the type of attachment.
As my eyes glanced down the email, the first thing I saw was the attachment. It's a zip file.  Which means it's a self-extracting file that, once downloaded, will open itself up and most likely install software, or rather malware, on the computer.

No, I was not for a moment tempted to click on the link anyway just to see what would happen.

According to a 2010 survey of online security by Ipsos Public Affairs,
 Among those who have opened a suspicious email, over half (57%) say they have done so because they weren’t sure it was spam and one third (33%) say they have done so by accident. However, nearly half (46%) report having accessed spam intentionally. [italics mine]
 I'm not one of them.

Finally, I must say I was very disappointed with this effort. I think we did a much better job faking a FedEx shipment when we scammed a Nigerian 419 scammer in the Chronicles of Chuck.

No comments:

Post a Comment