FedEx Parcel Scam: How to Remove Active Infections


FedEx Parcel Scam is a recent malware infection that is being spread on the Internet by unknown computer hackers. Our in-depth removal article shows you how to protect your computer against it, as well as remove existing infections.

Threat Summary

Name: FedEx Parcel Scam
Type: Social Engineering Scam
Short Description: The FedEx parcel scam is a malware attack that uses phishing emails to manipulate the users into interacting with the dangerous content. As a result they can be redirected to hacker-controlled sites or infected with various types of viruses.
Symptoms: The users may find that their browser settings are changed. Application failure, abnormal system resources usage and other typical virus infiltration symptoms are expected.
Distribution Method: Email messages, malware sites, redirects, web scripts and browser hijackers.

FedEx Parcel Scam November 2018 Update — Hacked Emails

The November 2018 FedEx phishing scam attack uses a slightly different mechanism. The hackers send out fake delivery notifications that are modeled to appear as originating from the courier service. They achieve this by copying the legitimate logo, branding, design elements and text style from real emails.

A distinct characteristic of this particular campaign is that the sender addresses are actually compromised university accounts. This is in contrast to accounts that the hackers create specifically for a campaign or buy on underground markets.

The body of the notifications coerces the users into clicking on a link to sign their delivery address. If they do so, they are redirected to a fake FedEx login page. The page first requests their email address; once it is entered, the field returns an error and the page asks for the user's password. If the password is entered, the account credentials are automatically transferred to the malicious operators.

FedEx Parcel Scam – Spread

The FedEx Parcel Scam is an active infection that is currently being distributed in a mass email campaign. The criminal operators behind it have hijacked the template used by the company, including the relevant graphics and text, in order to imitate genuine messages as closely as possible. The sender addresses may also resemble the company's own by using familiar-sounding domain names.

Another tactic is the use of browser hijackers, which are malware plugins made for the most popular applications. They are usually compatible with Mozilla Firefox, Safari, Internet Explorer, Google Chrome, Opera and Microsoft Edge. They can be uploaded to the software repositories of the relevant browsers by posing as feature additions or enhancements. Once they are installed, dangerous changes are made to the browsers, including redirects to hacker-controlled pages.

The criminals can also spread the malware via infected software installers. These are frequently made by taking the legitimate setup files from the official vendors and modifying them so that the malware code is included as soon as the installers are launched. In certain cases the infection can be prevented by unchecking certain options in the installer.

Hacker-controlled sites are one of the usual places where such malware can be encountered. They are usually made using template engines. The researchers have outlined several types:

  • Imposter Copies — They are modeled after legitimate services and attempt to fool the users into thinking that they are using the real site.
  • Hacker Sites — The criminals also build dedicated sites that use an original design.
  • Web Scripts — Malware copies can also be included in pop-ups, banners and ads.

FedEx Parcel Scam – Overview

The main infection vector at the moment is an email spam campaign. The criminals use standard phishing strategies, taking the original graphics and text from real messages to spoof a delivery notification. The standard message reads as follows:

Your package was delivered!

Delivery Information

Your package has been delivered to your home address.


Shipping Information

Please find here the shipping invoice and package tracking information

The messages bear the title “Delivery complete” and the sender’s identification is FedEx Parcel. The messages attempt to make the victims click on the malicious link. Depending on the individual configuration, the interaction can lead to any of the following:

  • Malware Downloads — The hyperlink can directly download various files including advanced ransomware and Trojans.
  • Spoof Login Pages — The victims can be redirected to counterfeit login pages. If they input their account credentials, the credentials are automatically sent to the hackers. Using the provided information the criminals can perform various crimes such as financial abuse and identity theft.
  • Redirect to Malware Portals — The victims can be redirected to malware-controlled sites. These are often used to set dangerous tracking cookies and deploy other surveillance technology against the victims. The harvested data is used to generate a complete profile of the victims, which is then sold to marketing agencies for profit.

Remember that if such messages reach the internal network of a business or government organization, the security or system administrator should be notified immediately! We recommend that every user scans their systems for malware to make sure that their devices are clean of viruses.
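
The traits described above (the sender name FedEx Parcel on a non-courier address, the title "Delivery complete", and links that lead away from the courier's site) can be checked automatically when such a message is reported. The following Python is an added example, not code from the original article; it assumes fedex.com is the only legitimate domain, and the sample message with its .example hosts is constructed.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

BRAND_DOMAIN = "fedex.com"  # assumption: the only domain treated as legitimate
# Constructed sample: the lure described above, sent from a made-up university mailbox.
SAMPLE = """From: FedEx Parcel <j.doe@mail.university.example>
Subject: Delivery complete
Content-Type: text/html; charset=utf-8

<p>Your package was delivered!</p>
<p>Please find <a href="http://tracking.lure.example/sign">here</a> the shipping invoice</p>
"""

class LinkCollector(HTMLParser):
    """Collects the href of every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")

def in_brand_domain(host):
    # Exact match or true subdomain; "fedex.com.evil.example" must not pass.
    host = (host or "").lower().rstrip(".")
    return host == BRAND_DOMAIN or host.endswith("." + BRAND_DOMAIN)

def triage(raw_message):
    """Return the reasons why a message resembles the FedEx parcel lure."""
    msg = message_from_string(raw_message, policy=policy.default)
    findings = []
    display, addr = parseaddr(str(msg.get("From", "")))
    sender_domain = addr.rpartition("@")[2]
    if "fedex" in display.lower() and not in_brand_domain(sender_domain):
        findings.append(f"display name '{display}' but sender domain is {sender_domain}")
    if str(msg.get("Subject", "")).strip().lower() == "delivery complete":
        findings.append("subject matches the campaign title 'Delivery complete'")
    body = msg.get_body(preferencelist=("html",))  # HTML part only
    collector = LinkCollector()
    collector.feed(body.get_content() if body else "")
    for href in collector.hrefs:
        host = urlsplit(href).hostname
        if host and not in_brand_domain(host):
            findings.append(f"link points to {host}")
    return findings
```

Because the campaign sends from compromised but real university mailboxes, the messages can pass sender authentication for the university's domain, which is why the check compares the display name with the address instead of relying on authentication results alone.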

Remove FedEx Parcel Scam

To remove the FedEx Parcel Scam and its related files manually from your PC, follow the step-by-step removal instructions provided below. If the manual removal guide does not get rid of the scam and its redirects completely, you should search for and remove any leftover items with an advanced anti-malware tool. Software like that will keep your system secure in the future.


Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.
