This type of attack is similar to others in that its objective is to get you to open the attached ".zip" file, which can inflict a variety of problems on you. These range from the disclosure of confidential or sensitive information (such as Quicken files containing your banking, savings and investment information) to something as simple yet painful as the exposure of your entire Contacts file, which subjects your friends to unwanted risks and e-mails.
In this example, FedEx is the name used by The Bad Guys to lure you into believing the message is real, but it could be any other well-known shipping or delivery company. FedEx is often used because of its global presence and its strong name recognition, trust and quality of service.
Below is an actual e-mail sent for analysis. E-mail addresses have been changed to avoid any problems.
E-MAIL ADDRESS: FedEx 2Day <email@example.com>
SUBJECT: Problem with parcel shipping, ID:00000846419
MESSAGE: Label_0000086419.zip (3 KB)
We could not deliver your item.
Delivery Label is attached to this email.
FedEx Support Agent.
(c) 1995-2014 FedEx. The content of this message is protected by copyright and trademark laws under international law.
WHAT ARE THE CLUES IN THIS ATTACK?
A non-corporate foreign e-mail address?
Why would a global company, like FedEx in this case, be using the e-mail address of another company or a commercial Internet Service Provider? Notice the ".com.tr" at the end of the e-mail address? The original e-mail used an e-mail account in the country of Turkey.
A generic ID number?
FedEx uses its Tracking Number, not a generic ID number.
Notice the implied sense of urgency?
Second day air shipments need to arrive on time with no delays. What has happened? Your shipment can NOT be delivered. This is pressure for you to act quickly and, most importantly, WITHOUT THINKING. When you stop thinking and just react, the bad guys win.
Notice the attachment has the same number as the ID?
This draws you into the attack. Why would someone provide an attachment when they could easily provide the needed information in the e-mail itself? That saves time, reduces the size of e-mails sent out and requires less data transmission time, which can save millions of dollars. This bad guy is focused on inflicting pain, not cost savings.
You shipped it, they have your name from the Airbill ... why Dear Customer?
The bad guy has no idea who you are and does not care about you. This is an attempt to inflict injury through destruction or exposure of private or confidential information, extortion, embarrassment or other acts. They know what they are doing and enjoy it.
Who is this person?
If you need to, call the shipper and ask about Jonn Snowjob, the FedEx Support Agent. You may first learn that the job title does not exist, then that they cannot find any Jonn Snowjob in Turkey or anywhere else. A little knowledge is very powerful in stopping the bad guys.
Lack of Customer Service?
FedEx is a well-managed company that cares about its customers, their shipments and its people. Would they not have their systems updated to show the current year in their Copyright notice? Would they not have used the traditional Copyright Mark (a capital C within a circle)? Would there not have been some images from the company included? Why not a message about contacting the company for your loss claim or package return process, which would not be part of the attachment? No company would have missed these things.
Did you notice the language?
While the message is rather short, its use of English is relatively good compared to most attempts, where spelling, punctuation, use of verbs, capitalization or abbreviations are often incorrect. Often these are immediate clues. Any large corporation has its notices and other communications to the public and customers reviewed extensively prior to release, and these messages are often initiated by its computer systems or by employees with very limited means to alter the message sent. Messages are also often reviewed for hidden meanings or differences in the many languages their customers use natively. The bad guys do not pay such detailed attention to messages.
The bad guys normally will be defeated IF you STOP, READ, THINK AND CHALLENGE BEFORE TAKING ACTION. The person who pays the high price for not taking these steps? It is you. Often our impulse is to act first and worry about the rest later. The bad guys count on that behavior!
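For anyone triaging reported mail, the clues listed above can also be checked mechanically. The following Python is an added example, not part of the original analysis: it builds a constructed copy of the message (with a placeholder sender address and a harmless empty archive) and reports which clues it triggers. The clue names, the brand domain list and the year of receipt are assumptions made for this illustration.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr

def build_sample() -> EmailMessage:
    """Constructed message modeled on the e-mail quoted above (placeholder address)."""
    msg = EmailMessage()
    msg["From"] = "FedEx 2Day <sender@mail.example.com.tr>"
    msg["Subject"] = "Problem with parcel shipping, ID:00000846419"
    msg.set_content("Dear Customer,\nWe could not deliver your item.\n"
                    "Delivery Label is attached to this email.\n"
                    "(c) 1995-2014 FedEx.\n")
    # 22-byte empty ZIP (end-of-central-directory record only): harmless stand-in.
    msg.add_attachment(b"PK\x05\x06" + bytes(18), maintype="application",
                       subtype="zip", filename="Label_0000086419.zip")
    return msg

def find_clues(msg, brand="FedEx", brand_domains=("fedex.com",), received_year=2015):
    """Return the clues from the article that this message triggers.

    brand_domains and received_year are assumptions supplied by the analyst.
    """
    clues = []
    display, addr = parseaddr(msg["From"] or "")
    domain = addr.rpartition("@")[2].lower()
    own = any(domain == d or domain.endswith("." + d) for d in brand_domains)
    if brand.lower() in display.lower() and not own:
        clues.append("brand-name-on-foreign-domain")
    if re.search(r"\bID:\s*\d+", msg["Subject"] or ""):
        clues.append("generic-id-number")
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content() if body_part else ""
    if re.search(r"^\s*dear (customer|client|user)\b", body, re.I | re.M):
        clues.append("generic-greeting")
    # Last year of the copyright notice is older than the year of receipt.
    years = re.search(r"(?:\(c\)|©)\s*(?:\d{4}\s*-\s*)?(\d{4})", body, re.I)
    if years and int(years.group(1)) < received_year:
        clues.append("stale-copyright-year")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(".zip") or part.get_content_type() == "application/zip":
            clues.append("archive-attachment")
            break
    return clues

if __name__ == "__main__":
    for clue in find_clues(build_sample()):
        print("clue:", clue)
```

A message that triggers several of these clues at once deserves the same STOP, READ, THINK AND CHALLENGE treatment before anyone opens the attachment.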