FedEx notification malware attack spammed out

Take care when opening your email inbox, as malicious hackers have spammed out another malware attack posing as a parcel delivery notification.

The emails, which pretend to be related to a FedEx package delivery, have been sent out via spam email to addresses around the world. But if you open the attached file – called document.zip – you risk infecting your Windows computer.

Malicious FedEx notification email

Dear customer.

Sign up to our free newsletter.
Security news, advice, and tips.

The parcel was sent your home address.
And it will arrive within 7 business day.

More information and the tracking number are attached in document below.

Thank you.
© FedEx 1995-2011

All of the emails we have seen in this latest campaign use the subject line “FedEx notification #XXXXX” (where “XXXXX” is a random number), although obviously this could be changed by the attackers at any time.

Sophos products intercept the malware attack as Troj/Bredo-FN.

As Duck described in his recent 90 second news video, scammers are banking on the coincidence that you really are waiting for a parcel to be delivered when one of these fake package notification emails arrives.

[youtube=http://www.youtube.com/v/http://www.youtube.com/watch?v=XWUEg4D5tHM&w=500&h=311&rel=0]

(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like.)


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky and Mastodon, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.