Catch Of The Week: FedEx, UPS, DHL Phishing Emails

Los Alamos

So if you are anything like me, you are probably doing more online shopping lately, due to restrictions forced by COVID-19. Hey, don’t judge me, if I run out of wet food or treats my cat will be very, very angry. Scammers are aware of the trend towards online shopping, and as usual, they are eager to take advantage.

We’ve all gotten emails from delivery companies updating us on our delivery status, or letting us know there was an issue with delivery, and to “click here” to check. Is it ever safe to click? It could be legit, but it could be a phishing email, and if you are on your phone or a tablet rather than a desktop, it can be harder to tell. Your best option is always to go directly to the company’s website and check your package’s status there. Be suspicious of any emails you get mentioning coronavirus or COVID-19; they are likely to be scams.

According to a new report from Kaspersky (a cybersecurity company), there has been an increase in fake sites and emails posing as various delivery services. Some of these scam emails claim there was an issue “due to coronavirus outbreak”, and your package is undeliverable. They may ask you to open an attachment to “confirm your details”. It is highly unlikely UPS, FedEx, DHL, etc. would ever send you an attachment to open. In this case, if the unlucky user opens it, it installs Remcos (backdoor malware that allows bad actors access to your machine).

There are many variations on this, all scams. Most of these have broken English, typos and spoofed email addresses. The emails might contain a convincing picture of the company’s logo, but this adds no legitimacy; it’s trivial to copy and paste a logo from the web into an email.

There also are reports of websites spoofing the big delivery companies. It is relatively easy to “clone” a website (if you have the right tools and know-how) and create a very, very convincing copy. This is why it’s essential always to double-check the website address – does it belong to the actual company you are trying to reach, or is it a fake?

You can fake the way a website looks; it’s much harder to spoof the website address (URL) or domain name. So rather than “”, the address bar might read “www[.]fedax-us[.]info/customer”, which is not a legitimate FedEx website. The domain name is the part after the “www” in the address bar, and it is always unique; more than one person can’t use the same domain. In the first case, the domain name is “”, while in the second case, the domain name is “”. Something will be off, sometimes just slightly, letting you know the site is not legitimate. 
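The domain check described above can be automated, for example in a mail filter. The following is an added example, not part of the original article: the carrier allowlist and the function names are assumptions, the `fedax-us` address is the one quoted above, and the other sample links are constructed.

```python
from urllib.parse import urlsplit

# Assumed allowlist (not from the article): brand -> the carrier's real domain.
CARRIERS = {"fedex": "fedex.com", "ups": "ups.com", "dhl": "dhl.com"}

def hostname(url):
    """Return the lower-cased host of a URL, accepting defanged input."""
    url = url.strip().replace("[.]", ".").replace("hxxp", "http")
    if "://" not in url:
        url = "http://" + url  # urlsplit only finds the host after a scheme
    try:
        return (urlsplit(url).hostname or "").rstrip(".").lower()
    except ValueError:
        return ""

def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url):
    """Return 'legitimate', 'lookalike' or 'unrelated' for a link."""
    host = hostname(url)
    # Legitimate only if the host IS the carrier domain or a subdomain of it.
    for domain in CARRIERS.values():
        if host == domain or host.endswith("." + domain):
            return "legitimate"
    # Otherwise look for a brand name (or near miss) in any part of the host.
    for label in host.replace("-", ".").split("."):
        for brand in CARRIERS:
            if label == brand:
                return "lookalike"
            # Short brands such as "ups" match exactly only, to avoid
            # flagging ordinary words like "groups".
            if len(brand) >= 5 and (brand in label or edit_distance(label, brand) <= 1):
                return "lookalike"
    return "unrelated"

if __name__ == "__main__":
    for link in ("www[.]fedax-us[.]info/customer",            # quoted in the article
                 "https://www.fedex.com/tracking",             # constructed sample
                 "https://fedex.com.parcel-status.example/"):  # constructed sample
        print(classify(link), link)
```

The third sample shows why the check compares the end of the host name: a real brand name placed at the front of someone else's domain is still a lookalike.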

Protect yourself from scams:

  • Check the sender’s address and the website address; make sure they are correct. If the email claims to be from a major delivery company but ends in a free email provider like “”, be suspicious. 
  • Check the body of the email – does it look a little off format-wise, are there typos, weird phrasing?  These are all signs you are dealing with a phish.
  • Avoid opening attachments or clicking links in emails from delivery companies. Go directly to their website or call their customer service number. Most delivery companies would not send an attachment to let you know about a delivery issue. 

The bad guys are ever vigilant, always looking for new ways to scam us. Don’t fall for a phish! 

Editor’s note: Becky Rutherford works in information technology at Los Alamos National Laboratory.