FedEx Malspam

What happened?
“Malspam” is short for malware spam—a word to describe any malware that is delivered via email. A malspam campaign that is currently circulating mimics a FedEx shipping confirmation with a person’s real name, Social Security number, and a “tracking number.” Victims that click on the link will be redirected not to a FedEx shipping page but to a page that automatically downloads malware onto their machine. Once on victim’s devices, the malware begins stealing banking and credit card data by logging the victim’s keystrokes when they type usernames and passwords.

How does it impact the FIT community?
The Division of Information Technology has made every attempt to prevent these messages from being received by FIT email by blocking all known domains, email, and IP addresses sending malspam. However, it is possible a message may get past our defenses, or you may be sent a malspam to your non-FIT email account.

What can you do to protect yourself?

If you receive this malspam email you should file an identity theft report with your local police department—your Social Security number (SSN) has already been exposed to cybercriminals.  

  • If you receive a delivery notification, especially one you were not expecting, go directly to the shipping services website and enter the tracking number into their online tracking page. Don’t click on the links in the email.
  • If you’ve ordered something and are expecting a delivery from FedEX, use the tracking link from the order history on the website from which you made your purchase, and make a note of that tracking number for your records.
  • Report any suspicious email as phishing.

Where can you get more information?
The Federal Trade Commission’s website will provide additional steps for protecting any exposed SSN.

About Cybersafe
The Division of Information Technology is dedicated to informing the community of the latest cybersecurity threats. Visit and stay tuned for emails from [email protected] for the latest from the Cybersafe campaign at FIT.

Be aware—and be cybersafe!

Questions? Comments? Email [email protected] or call (212) 217-HELP (4357).