bill-swift - June 28, 2012
Security experts will tell you that one way you can tell a scam website or email from a legitimate one is this: pay attention to the details. If an email you just got is full of misspellings and grammatical errors, then that's probably a scam. If a website you're trying to log on to has weird capitalization and seems buggy, then you could be on a phishing site.
Phishing sites are usually clever copies of sites that require users to log-in. When you do sign in to a phishing site, you obviously won't be able to log in, but you'll be sending your account details instead to the happy scammers.
A site of this type was recently discovered by experts from Mxlabs. Links to the site are sent out via email, with messages having subjects like "Your fedex.com account will soon expire!" Users who get this message will probably be alarmed and click on to the link without any second thoughts.
It is now necessary to re-confirm your account information to us. If this process is not completed within 24-48 hours. We will be forced to suspend your Account Online Access as it may have been used for fraudulent purposes. Please log on Otherwise your user ID and profile will be deleted from our records.
-- FedEx scam email
The link doesn't point to FedEx but instead redirects to the compromised site of a Poland-based carpet company that now hosts a phishing page, which looks like a very good copy of the real FedEx page. When the user logs on using the phishing site, then they can kiss their FedEx accounts (and personal information) goodbye.
In cases like these, always be wary of email messages that seem fishy or suspicious. Also, before you log on to any sites, make sure to check the URL to see if it's legit and secure. And when you're in doubt, remember: just look at the details.
Please log in again. The login page will open in a new tab. After logging in you can close it and return to this page.