What makes this a Phishing message?
This very simple phishing message that appeared to be sent from FedEx was effective in convincing several campus recipients to download the PDF attachment. The file contained a link that required password authentication, allowing the attacker to capture these user credentials for future use. Note the following clues that this is not a valid message from FedEx:
- The sender address is from a "berkeley.edu" address.
- The recipient address is blank, indicating the message was sent as a "blind carbon-copy" to a larger audience.
- The grammar is very simple but poorly stated.
- There is no message signature other than "Thanks".
From: "FedEx." <firstname.lastname@example.org>
We could not deliver your item.
You can review and print complete details of shipping duty on your order.
PDF Attachment: update_Form.pdf