FedEx email that isn’t


A friend is expecting a parcel via FedEx and got the email shown below, so they wondered whether it was really from the courier company. This particular email got past both the Gmail and Outlook spam filters.

We thought it was a good example of the tell-tale signs to look for in a fake email that might contain a virus or other nasty. These checks can be applied to any suspect message, not just ones ‘from’ a particular company.

Normally, you’d probably delete the message, knowing that you’re not expecting a parcel (or, for other common spam, that you don’t have any dealings with a particular bank). But knowing there is a parcel on the way might give the recipient reason to open it. The spammers are counting on the fact that some recipients have a current dealing with FedEx and might be tricked.

But there are warning signs to look for.

ZIP file

First and foremost is the email attachment.  Why would any company include an attachment, especially as a ZIP file?

There’s nothing wrong with ZIP files; they are commonly used to compress and send files. But they are also used by spammers to disguise the real content of the attachment, probably some program to take control of your computer.

The presence of the ZIP file alone is enough to hit the delete key, unless the email is expected and comes from someone you know.

Sender’s address

In this case, the ‘From’ address is clearly not from  so it’s a dead giveaway that it’s a fake.

But smarter scammers use a fake ‘From’ address that appears to come from the spoofed company.


The message looks sincere, with the logo etc., but there are other, trivial but tell-tale, signs.

The reference number is all wrong. Anyone who has used FedEx knows they have ‘tracking numbers’ with 12 digits that are always quoted when detailing a shipment.

This particular email was to someone in Australia – where the ‘International Ground’ service doesn’t operate.
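The three message-level signs above (a ZIP attachment, a sender domain that isn’t the courier’s, no 12-digit tracking number) can be checked automatically when triaging a mailbox. The Python below is an added example, not part of the original article; the function names, the sample messages and the domain `courier.example` are constructed, and the caller supplies the courier’s real domain.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

ZIP_MAGIC = b"PK\x03\x04"  # signature at the start of a non-empty ZIP archive
TRACKING_RE = re.compile(r"(?<!\d)\d{12}(?!\d)")  # stand-alone run of exactly 12 digits


def warning_signs(raw, expected_domain):
    """Return the article's warning signs found in one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    signs = []
    # Sign 1: a ZIP attachment, recognised by name, declared type or file signature.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        if (name.endswith(".zip") or part.get_content_type() == "application/zip"
                or data.startswith(ZIP_MAGIC)):
            signs.append("zip-attachment")
            break
    # Sign 2: From domain is not the courier's (a match proves little: From can be forged).
    domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    if domain != expected_domain and not domain.endswith("." + expected_domain):
        signs.append("from-domain-mismatch")
    # Sign 3: no 12-digit tracking number anywhere in the text body.
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    if not TRACKING_RE.search(text):
        signs.append("no-12-digit-tracking-number")
    return signs


def build_sample(sender, text, attachment=None):
    """Construct a test message; every value here is made up for this example."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@recipient.example", "Shipment notice"
    m.set_content(text)
    if attachment is not None:
        m.add_attachment(attachment, maintype="application",
                         subtype="octet-stream", filename="Label.zip")
    return m.as_bytes()


FAKE = build_sample("Courier Support <info@unrelated.example>",
                    "Your parcel ref 7781-A could not be delivered.", ZIP_MAGIC + b"\x00" * 26)
REAL = build_sample("Courier <tracking@courier.example>",
                    "Tracking number 123456789012 is in transit.")
if __name__ == "__main__":
    print(warning_signs(FAKE, "courier.example"), warning_signs(REAL, "courier.example"))
```

An empty result is not proof that a message is genuine; a forged ‘From’ address passes the domain check, which is why the ZIP and tracking-number checks are reported separately.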

What to do

Delete the message immediately.  Don’t try to open the attachment (it’s certainly infected) nor reply (the From address is a fake).

If you’re expecting a courier parcel, ask the sender for the parcel reference number (i.e. the FedEx tracking number). Go to the courier’s site and use the reference/tracking number to track the progress of the package. In some cases there’s an option to set up real emails to notify you about the status of the package.
