FedEx Express Email virus. What are these messages?

Written by Robert Bailey

The “FedEx Express Email virus” is a common name for unwanted spam email that may arrive in your mailbox. These messages make pseudo-official claims about a shipment of yours with FedEx. The email tells you that your delivery is coming and, as the letter says, that more information is available in the document attached at the bottom of the letter. This document will lure you into launching the malware. This article gives a detailed description of the scam, as well as the risks related to it.


What is the “FedEx Express Email virus”?

The name that alarmed users gave to this phishing campaign does not mean that someone from FedEx is really telling you about an incoming shipment. The fraudsters who distribute the LokiBot virus this way simply chose this disguise to lull your vigilance. The FedEx brand is famous and is recognized as trustworthy by everyone, so when a user gets this letter, he/she will not even think that it is a scam [1]. The probability that a user will click the link or open the file attached to this message is very high.

Fake Fedex email with shipping information

The text of the “FedEx Express Email virus” message heightens the interest: it says that the incoming shipment will be delivered in the coming days. The delivery information and the additional terms of delivery, as the message says, are in the attached Word or Excel file. The text may vary at the scammers' discretion. Every little thing looks legitimate, so the victim will likely open the attached document. The LokiBot virus is hidden in a macro inside the document. The victim sees a prompt to enable macros, and at that moment the virus begins its activity.

Here is the approximate text of the email message. It may be different from one message to another.

Dear customer,

Your parcel has arrived our office and ready regarding pickup.

Attached is the Original Shipping and BL as assigned to deliver to you.
Notification for shipment event group “Picked up” for 27 March 29.
ABW number: 1428252043
Pickup Date: 19-03-2021 14:11:20 AM
Service: PI
Pieces: 1
Cust. Ref:
Description: PARCEL,ETC DOC

Herewith concerning FedEx tracking link
CATEGORY JUNE 12. 10:15 PM – Customs status updated -Shipment status may also be obtained from our Internet site
under or Globally under http:/ do not reply this email. This is an automated application used only for sending proactive notifications.

How dangerous is the “FedEx Express Email virus”?

Regardless of what prompted the user to open the link/file, he will download different viruses onto his personal computer. The exact type of the virus is not related to the text of the spam message, since all of the viruses are spread by the same cybercriminals. These viruses are delivered to your PC as part of a Microsoft Word file, directly from the mail application or from the link attached to the “FedEx Express Email virus” letter. No sophisticated methods such as exploit kits are needed: users do everything themselves.

Here is a short description of the “FedEx Express Email virus”:

Name: FedEx Express Email virus
Type: Email spam
Hazard type: LokiBot Spyware
Malware source: Infected file attached to the email
Disguise: Notifications from FedEx
Protection methods: To remove possible virus infections, try to scan your PC

This scheme is used to spread spyware, banking trojans and keyloggers. All of them target your sensitive information, primarily important credentials. The second type can be the most harmful one if you use online banking. It is aimed at collecting the login credentials you enter on the sites of banks or investment funds, so it can easily hijack your login/password. The cyber burglars will then be free to do whatever they want with your money [2]. Spyware, by contrast, may miss your banking login credentials, but will surely collect all possible data about you and your computer. The list of installed applications, frequently used apps, the anti-malware software on board, logins and passwords for social networks: this and a lot of other information will be stolen and sent to the control server.

Can I avoid this scam?

Things are not so hopeless with the “FedEx Express Email virus”. It is quite easy to tell the fake email from a real one. First, you need to recall whether you have a FedEx Express Email saving or deposit account. It can be very funny to see this sort of email spam when you don’t have one. However, some users may click the attached file/link out of simple curiosity. People can act unreasonably, and this is just such a case. Another element that can help you understand that somebody is trying to scam you is the sender’s email address. The official FedEx email address has a specific domain name, and the fraudsters will definitely not be able to get an email address in this domain. Instead, they will likely create an email address like “[email protected]” or even “[email protected]”. It is quite easy to distinguish the first one from the second and third, isn’t it?

An example of a dubious email address from another online spam campaign
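The two checks described in this article, the sender's domain and a Word or Excel attachment that can carry macros, can be automated for mail triage. The following is an added example, not part of the original article; the allow list containing fedex.com, the sender address under fedex-delivery.example, and all function names are assumptions made for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumption: domains accepted as genuine FedEx senders; replace with your own allow list.
TRUSTED_DOMAINS = {"fedex.com"}
OFFICE_EXTS = (".doc", ".docm", ".dot", ".xls", ".xlsm", ".xlsb", ".docx", ".xlsx")
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # header of legacy .doc/.xls containers

def sender_trusted(msg):
    """True only if the From domain is a trusted domain or a subdomain of one."""
    domain = parseaddr(msg["From"] or "")[1].rpartition("@")[2].lower()
    return any(domain == d or domain.endswith("." + d) for d in TRUSTED_DOMAINS)

def may_carry_macros(name, data):
    """Flag Office files that can hold VBA: legacy OLE files or OOXML with vbaProject.bin."""
    if not name.lower().endswith(OFFICE_EXTS):
        return False
    if data.startswith(OLE_MAGIC):
        return True  # legacy format: macros cannot be ruled out without deeper parsing
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())
    except zipfile.BadZipFile:
        return True  # Office extension but unreadable container: treat as suspicious

def triage(raw):
    msg = message_from_bytes(raw, policy=policy.default)
    risky = [p.get_filename() for p in msg.iter_attachments()
             if may_carry_macros(p.get_filename() or "", p.get_payload(decode=True) or b"")]
    claims_fedex = "fedex" in (msg["From"] or "").lower() + (msg["Subject"] or "").lower()
    return {"brand_spoof": claims_fedex and not sender_trusted(msg), "macro_attachments": risky}

def build_sample():  # constructed sample: FedEx display name, unrelated domain, .docm file
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/vbaProject.bin", b"placeholder, not real VBA")
    m = EmailMessage()
    m["From"] = "FedEx Express <notify@fedex-delivery.example>"
    m["Subject"] = "Your parcel has arrived"
    m.set_content("Dear customer, see the attached shipping document.")
    m.add_attachment(buf.getvalue(), maintype="application",
                     subtype="octet-stream", filename="Shipping_BL.docm")
    return m.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample()))
```

A message that uses the FedEx name from a domain outside the allow list and also carries a macro-capable attachment matches both warning signs described here and is a candidate for quarantine.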

The final protection option is a security tool. A lot of users read their email in a separate program, called a mail client. Some of these clients download the attached document the moment you open the message. In this case, you must have an anti-malware tool that can perform on-run protection. This function makes it possible to stop the malware from launching in a situation like the one I have described above. The same goes for links: to recognize that these links are malicious, the anti-malware tool must have an internet protection capability. All of these functions are available in GridinSoft Anti-Malware, and I recommend that you use it to protect your PC from the “FedEx Express Email virus” and similar hazards.

What can I do if I have clicked on the link/file in the spam email?

Don’t panic. Spyware activity is not a catastrophe. Of course, the important data you have on your personal computer is definitely in danger, but logins and passwords can easily be changed. First of all, you need to delete the viruses you got through the “FedEx Express Email virus”. I suggest using GridinSoft Anti-Malware to perform this step.

Removing the viruses with GridinSoft Anti-Malware

  • Download and install GridinSoft Anti-Malware. After the installation, you will be offered to perform the Standard Scan. Approve this action.
  • Standard scan checks the logical disk where the system files are stored, together with the files of programs you have already installed. The scan lasts up to 6 minutes.
  • When the scan is over, you may choose the action for each detected virus. For all files of the viruses distributed through the described phishing the default option is “Delete”. Press “Apply” to finish the malware removal.

Now that the virus is removed, you need to remember which credentials you entered after clicking the spam message. Malware is not omnipotent, and it is not able to steal logins and passwords that were not in use. So, keep calm and change the login details that are at risk of being compromised.



  1. About phishing methods and ways of counteraction.
  2. Detailed description of the banking trojans on Investopedia
