A new wave of phishing attacks impersonating FedEx and UPS has caught the attention of cybersecurity experts at Abnormal Security. These scams stand out for their “impressive level of impersonation” and “especially convincing” emails, raising the bar for phishing attempts.
While the basic structure of the scam follows familiar patterns – fake shipping notifications leading to requests for personal and payment data – the execution is remarkably polished. Unlike past attempts with minimal text and branding, these new campaigns feature:
- Meticulous attention to detail
- Extensive use of carrier branding throughout the phishing process
- Flawless grammar, spelling, and syntax
The scammers invite victims to “resolve” fictional shipping issues by clicking links that lead to data theft. What sets this campaign apart is the potential for immediate financial damage, as payment information is among the data targeted.
Abnormal Security researchers speculate that this level of sophistication might indicate either a highly dedicated group of attackers or the emergence of advanced “phishing-as-a-service” kits on the dark web.
The polished nature of these scams makes them particularly dangerous. Users should exercise extreme caution with unexpected shipping notifications, verify directly with carriers through official channels, and never click on links or provide sensitive information in response to unsolicited emails.
