The Clifton, N.J.-based Comodo Threat Research Labs identified a malware attack in both English and Italian targeting customers of FedEx. Fake emails told recipients that FedEx was attempting to deliver a package.

An alert on the official FedEx website warned, "We have received reports of fraudulent emails with the subject lines 'Shipping Conformation,' 'Verify Info,' 'Some important information is missing' and 'Please fulfill the documents attached to verify your identity.' The fraudulent email may have an attached file that may contain a virus or other malware."

FedEx added, "If you receive a message matching this description below, do not open the email or click on the attachment. Delete the email immediately or forward it to [email protected]. FedEx does not send unsolicited emails to customers requesting information regarding packages, invoices, account numbers, passwords or personal information."

Comodo said the cybercriminals created a sense of urgency by asking recipients to click on and print an attachment, and go to their local office to get their package within 48 hours or it would be returned, thus preying upon recipients' potential fears and imposing deadlines on them. If the recipient clicked on the attachment, they activated the malware, which then infected the endpoint.

The Comodo team identified the multi-language phishing campaign through IP, domain and URL analysis. While close analysis of the emails revealed some irregularities in grammar and syntax, most recipients do not assume all incoming emails are phishing attempts and thus may not be reading them as closely as they could be, Comodo said. In addition, the firm noted cybercriminals are getting better at mimicking the colors, logos and feel of official websites.

"Through our specific IP and URL analysis – as well as the Comodo Threat Research Labs' continuous monitoring and scanning of data from Comodo's users – our team was able to identify this specific, high-volume malware attack, and we simply want to alert the public to it," Fatih Orhan, director of Technology for Comodo and the Comodo Threat Research Labs, said. "As a company, we work diligently to create innovative technology solutions that stay a step ahead of cybercriminals and keep enterprises and IT environments safe."

Since a malware campaign such as this one can return in other forms and target a new group of people, Comodo offered the following advice for potential victims of phishing schemes:

  • Check the email address and domain name of the company that sent the email. While it may appear to be an official email, closer inspection often reveals no connection with the company named.
  • Check with the company IT department before opening or clicking on a link that is deemed suspicious.
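
The sender check in the first bullet can be automated at the mail gateway or in a triage script. The sketch below is an added example, not code from Comodo or FedEx; the allow-list, the finding labels and the `.example` addresses are assumptions, and the sample message is constructed.

```python
from email import message_from_string
from email.utils import parseaddr

# Subject lines quoted in the FedEx alert (spelling as reported there).
ALERT_SUBJECTS = {
    "shipping conformation", "verify info",
    "some important information is missing",
    "please fulfill the documents attached to verify your identity",
}
TRUSTED_DOMAINS = {"fedex.com"}  # assumption: replace with your own allow-list
BRAND = "fedex"

def domain_of(header_value):
    """Lower-cased domain of the address in a From or Reply-To header."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def is_trusted(domain):
    return any(domain == d or domain.endswith("." + d) for d in TRUSTED_DOMAINS)

def triage(raw):
    """Return a list of findings (hypothetical labels) for one raw message."""
    msg = message_from_string(raw)
    display_name = parseaddr(msg.get("From", ""))[0].lower()
    domain = domain_of(msg.get("From"))
    subject = " ".join(msg.get("Subject", "").split()).lower()
    findings = []
    # Name, subject or domain uses the brand, but the domain is not allow-listed.
    if BRAND in " ".join((display_name, subject, domain)) and not is_trusted(domain):
        findings.append("brand-domain-mismatch")
    if subject in ALERT_SUBJECTS:
        findings.append("alert-subject")
    reply_domain = domain_of(msg.get("Reply-To"))
    if reply_domain and reply_domain != domain:
        findings.append("reply-to-differs")
    if any(part.get_filename() for part in msg.walk()):
        findings.append("has-attachment")
    return findings

# Constructed sample, not a captured message from the campaign.
SUSPECT = "\n".join([
    'From: "FedEx Delivery" <notice@parcel-tracking.example>',
    "Reply-To: claims@mail-desk.example", "Subject: Shipping Conformation",
    'Content-Type: multipart/mixed; boundary="b1"', "",
    "--b1", "Content-Type: text/plain", "", "Collect your parcel within 48 hours.",
    "--b1", 'Content-Disposition: attachment; filename="label.zip"', "",
    "placeholder", "--b1--", ""])

if __name__ == "__main__":
    print(triage(SUSPECT))
```

An allow-listed From domain is not proof of origin, because the From header can be forged; combine these findings with the SPF, DKIM and DMARC results recorded by the receiving mail server.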

Comodo also recommended that systems administrators and IT directors looking to prevent malware from spreading across their networks and endpoints put a reliable endpoint security protection platform in place. Companies should also conduct regular penetration testing, use antivirus, firewall and containment technologies as part of a layered defense system, and regularly train employees to raise awareness of phishing and other social engineering attacks.

Roy Urrico

Roy W. Urrico specializes in articles about financial technology and services for Credit Union Times, as well as ghostwriting, copywriting, and case studies. Also: writer/editor of a semi-annual newsletter for Association for Financial Technology since 1997 and history projects funded by the U.S. Interior Department, National Park Service and Warren County (N.Y.).