Originally Posted by Darrel
I got one from FedX about 4 days after I had placed an order on eBay. My cursor had almost reached the icon before my cynical nature kicked in. I called the local FedX instead and heard "oh yeah that happens often - we don't have any thing for you" The next day my package came by regular mail.
Have a nice day - Darrel
Originally Posted by SKP Kirk
If you have any doubts, just go to the site of FedEx or UPS and do a track as they have all that you need for that and in that way you will know for sure that you are at the proper site. Those emails are actually pretty common and they are listed on most all of the warning lists.
Originally Posted by MSHappyCampers
Kirk, the e-mails that I received don't give any tracking number, just a link to click on for more info. I'm afraid that click would be disastrous!
Got a 'notice' from 'Fedex' just today, my spam filter put it in the appropriate folder but thought I's share some clues as to why it's not real.
First, the address: FedEx
It says it's from Fedex, but then the address should read: "@Fedex.com
Your parcel has arrived at December 19. Courier was unable to deliver the parcel to you.
To receive your parcel, print this label and go to the nearest office.
Notice the lack of details, no name, no address information. Also the poor grammar, "Your parcel has arrived at December 19
" It should read, "Your parcel has arrived on
December 19." Still not good grammar, but passable.
The link in the email: (h)ttp://files.klax-tv.com/list.php?fd=rWJTxZr5bn7BCExnFizxPVAmx33Dxm+Mast5OF p630GnD8fo=
My copy of a Fedex label is posted on 'klax-tv.com
By the way, clicking on the link brought up a message: "This program is not compatible with your operating system, Compatible operating systems are: Windows 8
Obviously is was a PROGRAM
that would load and run on a Windows machine, not a shipping label from Fedex.
Finally, the Header:
In your email program you can view the full header of an email. This email has the following header:
Received: from mx-mcdonald.atl.sa.earthlink.net ([220.127.116.11])
by mdl-compact.atl.sa.earthlink.net (EarthLink SMTP Server) with SMTP id 1y4Bfd1Ub3Nl37e0; Fri, 26 Dec 2014 15:12:19 -0500 (EST)
Received: from ds8864.dedicated.turbodns.co.uk ([18.104.22.168])
by mx-mcdonald.atl.sa.earthlink.net (EarthLink SMTP Server) with ESMTP id 1y4Bfc3tD3Nl36F0
for <email@example.com>; Fri, 26 Dec 2014 15:12:18 -0500 (EST)
Received: (qmail 28572 invoked by uid 10086); 26 Dec 2014 21:37:02 +0000
Date: 26 Dec 2014 21:37:02 +0000
Message-ID: <firstname.lastname@example.org dns.co.uk>
Subject: Delivery Status Notification
X-PHP-Originating-Script: 10086:.include82.php(241) : eval()'d code
From: "FedEx SmartPost" <email@example.com>
Reply-To: "FedEx SmartPost" <firstname.lastname@example.org>
Notice it's return path
an address in the United Kingdom (.UK)
A legitimate return path would be "@Fedex.com
Besides that, there's other evidence that the email has bounced around through different accounts to hide it's origin. Look at the header of a personal email from a friend and it will be more direct than the header above.
You don't have to play detective to such detail as I did above, but I did love Sherlock Holmes' powers of observation and deduction growing up! If you pay attention to only parts of the above clues to it's fraudulent origins, you won't be tricked.