Virus sent through customer-shipments@fedex.com

jmt356
SilverLounger
Posts: 2392
Joined: 28 Mar 2010, 01:49

Post by jmt356 »

I was surprised to find a virus sent in an email by customer-shipments@fedex.com. Usually, viruses are sent through an email address that resembles a legitimate domain (e.g., feddexx.com), but this one was from a real domain. I tried to reply to the message and the domain did not change. So does this mean the sender hacked into FedEx's email system?
Regards,

JMT

Leif
Administrator
Posts: 7218
Joined: 15 Jan 2010, 22:52
Location: Middle of England

Re: Virus sent through customer-shipments@fedex.com

Post by Leif »

jmt356 wrote: So does this mean the sender hacked into FedEx's email system?
It's possible, but much more likely that the spammer simply forged the 'From:' and 'Reply To:' headers in the email. The idea is that you believe it to be genuine and open it...
Leif

John Gray
PlatinumLounger
Posts: 5420
Joined: 24 Jan 2010, 08:33
Location: A cathedral city in England

Re: Virus sent through customer-shipments@fedex.com

Post by John Gray »

Snopes has an article on the subject. Most carrier companies are the subject of this sort of spam, the most frequent we get at work being DHL.
John Gray

"(or one of the team)" - how your hospital appointment letter indicates that you won't be seeing the Consultant...

HansV
Administrator
Posts: 78620
Joined: 16 Jan 2010, 00:14
Status: Microsoft MVP
Location: Wageningen, The Netherlands

Re: Virus sent through customer-shipments@fedex.com

Post by HansV »

Another, similar tactic is sending forged notifications from Facebook, Twitter, YouTube etc. For people participating in these social media, it's easy to believe that these notifications are real...
Best wishes,
Hans

DaveA
GoldLounger
Posts: 2599
Joined: 24 Jan 2010, 15:26
Location: Olympia, WA

Re: Virus sent through customer-shipments@fedex.com

Post by DaveA »

I never "Reply" but use "Forward" and to the Abuse address. But one should check the real website and the "Contact" for the reporting of such.

It also pays to include the "Properties" of said email, so the routing is shown. In Outlook, this is done by right-clicking the email and selecting "Options".

Yes, I did also get one from FedEx, and yes, they use the abuse@fedex.com
I am so far behind, I think I am First :evilgrin:
Genealogy....confusing the dead and annoying the living

Bigaldoc
PlatinumLounger
Posts: 3757
Joined: 24 Jan 2010, 11:00
Location: Lexington, KY, USA

Re: Virus sent through customer-shipments@fedex.com

Post by Bigaldoc »

Since I use MailWasher Pro as my spam catcher, I can usually spot the spoofs in some way, often the grammar used in the preview or knowing I didn't send a package, or some other "sign" that it's suspicious.

So, I then look at the detailed "source code" of the message and can often spot a URL down in that code which, when I check, often turns out to be someplace like Russia, China, Taiwan and the like. Fortunately, those emails never get to my machine and are deleted at the ISP server by MailWasher. I highly recommend MailWasher Pro.
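
Added example, not part of any post in this thread: a Python sketch of the header check the replies describe (a forged 'From:' versus what the routing information shows), run over a constructed sample message. The host names, the IP address, the `trusted_server` parameter and the function names are assumptions made for illustration.

```python
import email
from email import policy
from email.utils import parseaddr

# Constructed sample (not a real message); hosts and IP are reserved example values.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mailer.example.net (mailer.example.net [203.0.113.25])
 by mx.recipient.example with ESMTP; Mon, 01 Jan 2018 10:00:00 +0000
Authentication-Results: mx.recipient.example;
 spf=pass smtp.mailfrom=mailer.example.net;
 dkim=none; dmarc=fail header.from=fedex.com
From: FedEx <customer-shipments@fedex.com>
Reply-To: customer-shipments@fedex.com
Subject: Your shipment

See attachment.
"""

def domain_of(value):
    """Lower-cased domain part of an address header value ('' if absent)."""
    return parseaddr(str(value or ""))[1].rpartition("@")[2].lower()

def auth_results(msg, trusted_server):
    """Collect spf/dkim/dmarc verdicts, but only from headers stamped by our
    own receiving server; any other copy may have been written by the sender."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        server, *parts = [p.strip() for p in str(header).split(";")]
        if server.lower() != trusted_server:
            continue
        for part in parts:
            method, _, rest = part.partition("=")
            if rest:
                verdicts[method.lower()] = rest.split()[0].lower()
    return verdicts

def spoof_signals(raw, trusted_server="mx.recipient.example"):
    """Return a list of reasons to distrust the visible From: address."""
    msg = email.message_from_string(raw, policy=policy.default)
    from_dom, env_dom = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    signals = []
    if env_dom != from_dom:
        signals.append(f"envelope sender '{env_dom}' != From: domain '{from_dom}'")
    dmarc = auth_results(msg, trusted_server).get("dmarc", "missing")
    if dmarc != "pass":
        signals.append(f"dmarc={dmarc} for From: domain '{from_dom}'")
    return signals

if __name__ == "__main__":
    for line in spoof_signals(SAMPLE):
        print(line)
```

An envelope-sender mismatch on its own also occurs with legitimate bulk mail sent through a third-party service, so the DMARC verdict recorded by your own receiving server is the stronger of the two signals.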