One-Two Punch Uses FedEx, Google to Steal Your Data

Scammers have long relied on “spoofing” to lure victims into a sense of trust.

It might be an email with a cut-and-pasted logo from a well-known company, or a fake phone number that appears on your caller ID, tricking you into thinking it’s the police, the IRS, or even your neighbor on the line. But a newly reported tactic relies on two different companies’ names to convince you that it’s safe to click.

According to reports, it starts as an email from FedEx, informing you that there’s a problem delivering your package. The message includes a link, supposedly for you to download a new shipping label. Clicking on the link even takes you to a Google Drive account to print the label, so you know it’s trustworthy, right?

Of course not. Everything about it, from the original email to the shipping label, has been recreated to look like communications from FedEx and Google. Rather than resolving this mysterious shipping issue, the link installed software on your computer will mine information from your hard drive, your web browser, your search history, and more.

How do you avoid these kinds of threats when everything about them looks legitimate? It’s actually quite simple, but it involves developing a few steadfast habits.

1. Never click a link or open an attachment that you weren’t expecting – It doesn’t matter if you’re at work, at home, on your mobile device, or any other scenario: if you receive an email or a message with a link or attachment, ignore it. Contact the person who supposedly sent it, even if it’s a major company, using a phone number or email address that you looked up for yourself. Find out what the message was about, what the issue supposedly is, then take corrective action that way.

2. Install up-to-date, quality AV software – Antivirus software can go a long way towards helping you block harmful downloads, but remember, it can’t do its job if you don’t update it. Without those updates, the software only knows about threats that existed the day you installed it, not any harmful software that’s been created since then.

These good habits can create a safer internet experience for you and your family or co-workers, but can also help fight back against the spread of malicious software. Stay on top of the threat by refusing to install it.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.