Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label FedEx. Show all posts

Beware of the FedEx Courier Scam: How Innocent Indians Are Losing Money

Beware of the FedEx Courier Scam

The FedEx courier scam has emerged as a cunning and heartless ploy to deceive unsuspecting victims. Operating primarily in India, this scam preys on people’s trust, fear, and lack of awareness. Let’s delve into the details of this treacherous scheme and understand how it ensnares its victims.

The Setup

Imagine receiving an automated phone call from an unknown number. The robotic voice on the other end declares, “Your FedEx Package Has Been Blocked…Press 1.” Innocent curiosity or concern prompts some to press that ominous button. And that’s when the trap is sprung.

The Script

The scammers impersonate airport officials, claiming to represent a fictitious FedEx courier office. Their narrative unfolds like a suspenseful thriller:

The Blocked Parcel: The victim is informed that a package in their name has been blocked at the airport. The reason? The Narcotics Control Bureau (NCB) supposedly discovered drugs in the parcel.

Personal Details: To lend credibility, the scammers reveal the victim’s personal information—details obtained from local cyber cafes, hotels, government offices, and other public spots. Armed with the victim’s Aadhaar card number, address, and more, they create an illusion of legitimacy.

The Threat: The call takes a sinister turn. The scammers pretend to transfer the call to NCB officials. They warn the victim that a case has been registered at a nearby police station. Fear sets in. Panic grips the unsuspecting recipient.

The Extortion: Now comes the real blow. The victim is coerced into paying hefty sums in the form of bribes and ‘fines.’ The scammers play on the victim’s vulnerability, threatening dire consequences if they fail to comply.

The Targets

The FedEx courier scam doesn’t discriminate. It targets senior citizens, women, and anyone deemed gullible. The scammers exploit the victim’s emotional state, creating an atmosphere of urgency and impending doom. Victims, even those well-versed with the internet, fall prey to this elaborate ruse.

Real-Life Impact

The impact is devastating. Consider the case of a 70-year-old journalist in Bengaluru who lost a staggering ₹1.20 crore to this fraudulent scheme. Despite never having sent or expected any packages, he was told that the mysterious parcel originated from Mumbai. Fear and confusion clouded his judgment, leading to financial ruin.

Staying Vigilant

As the scam evolves, so must our vigilance. Here are some precautions to safeguard against such frauds:

Verification: Always verify unexpected calls or messages related to packages. Contact the courier company directly using official channels.

Awareness: Educate family members, especially the elderly, about these scams. Awareness is our best defense.

Personal Information: Guard your personal information zealously. Be cautious about sharing sensitive details, even seemingly innocuous ones.

Report: If you encounter such a scam, report it to the authorities immediately. Your vigilance could save others from falling into the same trap.

Scam: Chennai Woman Exposes Cyber Crime Involving Adhaar Card, Courier, Drugs


Woman discloses scam, alerts netizens

By bringing attention to a fresh cybercrime strategy, a marketing expert from Chennai has assisted others in avoiding the scam. Lavanya Mohan, the woman, talked about her experience on X, (formerly Twitter). She said how she got a call saying that someone was using her Aadhaar card to carry drugs over international borders.

The woman said she had recently read in the news about how two residents of Gurugram were conned out of almost Rs 2 crores by cybercriminals who tricked FedEx executives and cybercrime branch experts into calling people and pretending their Aadhar cards were being used to smuggle drugs into Thailand. 

A woman revealed the scam of "Aadhar Card Misused For Drug Smuggling"

Mohan described her conversation with the fraudsters in a series of X threads posted on her social media account, @lavsmohan. The caller, who was impersonating a customer service agent from a delivery company (FedEx, in Mohan's case), had concocted a story about a package that was supposed to be shipped with drugs from Thailand using her Aadhar ID.

Even more phony data were provided by the fraudster, such as shipment information, a forged FIR number, and even a phony employee ID, to increase the impression of urgency and validity. The caller then warned her about "rising scams" and offered to put her in touch with a customs official to settle the matter. 

In her post, Mohan went into further detail about what had happened and expressed her knowledge, saying, "Ma'am, if you don't go ahead with the complaint, your Aadhar will continue to be misused so let me connect you right away with the cyber crime branch."  "Threatening consequences + urgency = scam," she continued. 

The Gurugram incident served as a reminder

Mohan revealed how she was made aware of the news from Gurugram two weeks prior, when two men lost Rs 1.3 crores and Rs 56 lakhs, respectively, to scammers. 

But Mohan held ground and refrained from succumbing to the conman's manipulations. She refused to speak with the caller any further and withheld any personal information, telling them she would wait for police officers to get in touch with her and hang up. She saw the warning signs, which included unwanted calls, threats of legal consequences, and attempts to pressure her into acting quickly. 

In response to the crime occurrence, Mohan wrote: "The amount of information he had to provide me is concerning. Their approach is to put you in contact with the police, who then assert that your ID has connections to the criminal underworld." She further stated, "People are losing their hard-earned money and they can't be blamed because these scams are growing more sophisticated."

FedEx clears the air

Following the cybercrimes on Wednesday that used FedEx's name, the business made it clear in an informative statement that it only phones consumers to inquire about shipped products if the client specifically wants to do so. 

The company's statement went on to caution that anyone should notify local law officials right away and report any strange calls or messages requesting personal information to the cybercrime. 

A similar instance of a "sophisticated" cyber scam was brought to light by well-known Bollywood actress Anjali Patil, who has starred in movies including Newton and Mirzya. The actor was defrauded of Rs 5.79 lakhs in a similar, widely publicized "drug parcel scam" in December 2023. 


Decoding the Elusive 'FedEx' Scam: An Inside Look at the Tactics and Challenges

 


One type of spam that is going around lately is FedEx scam calls, which have been targeting people, and are also doing the rounds. Most people have been victims of online fraud at some point in their lives. For us to better understand this scam, Tejal Sinha partnered up with experts to walk through it and explain it to people in detail to make the case easy to understand what, when, and how it occurs. 

The Internet has become a place full of scams, fraud, identity theft, and problems with online shopping. People have experienced all of these problems at times. The way to navigate the internet with the best intention of avoiding these hazards can seem like a challenge. 

Scammers are always trying to find new ways to trick people, so now, they are not only misusing big names to fool people, but they are also posing as law enforcement officials to scare people into giving them money, so it is more and more dangerous to give money to them.   

There has been a cyber fraud campaign that has swindled a retired policeman out of Rs 9.14 crore over the past fortnight in which cyber fraudsters posed as police officers claimed a courier package delivered by FedEx in his name contained illegal drugs and that he had been involved in money laundering. A number of the unknown suspects, infamous for their use of WhatsApp and Skype, have been allegedly holding the terrified victim under duress for some time from November 14 to November 28. 

Several alarming incidents have occurred over the past few years in Bengaluru in which residents have been scammed in an attempt to impersonate FedEx employees and law enforcement officials. Amit (name changed) is the latest victim, a 52-year-old businessman living in HSR Layout, who lost Rs 1.98 crore as a result of the scam. 

Typically, the scammers tell the victims that they will be placed in contact with the Mumbai Police Cyber Cell in response to their call, suggesting that there may be legal trouble imminent and potentially making them anxious and afraid. However, in the majority of cases, the victims had no involvement with sending or receiving the package.

It is also the case that Amit’s call was transferred to the Mumbai Police cybercrime branch. To inform Amit that his name had been mentioned as a subject of a money laundering investigation involving the intercepted package, the man posing as the police officer then made a Skype video call with him, informing him of the arrest.

In the end, Amit believed that he would need to transfer substantial sums of money to a "specified account" to be verified based on the allegations against him that had been made against him. Despite having been unable to leave the Skype conversation for more than two days, Amit's wife was also engaged in a call with someone claiming to be from law enforcement and even his wife was part of that conversation.  

Since the start of the year, Bengaluru police have been dealing with 163 cases of FedEx courier fraud. Till August, the total loss as a result of the fraud was more than Rs 5 crore. Attempts are underway by government authorities to deter students from taking part in this growing menace by promoting awareness and prevention. The National Crime Records Bureau (NCRB) has reported that the number of cybercrime cases reported in 2022 across 19 metropolitan cities accounted for an alarming 73.4% of the total of 13,534 cybercrime cases reported across the country. 

How to Prevent FedEx Package Scams and Other Fraudulent Schemes


Incoming Calls Can Be Concealed, People need to be attentive to calls they receive from unknown parties, especially those claiming to be FedEx representatives, law enforcement agencies, or other organizations they do not know. 

People should always consider their privacy when it comes to sharing sensitive information over the phone, especially if they are not certain of the legitimacy of the person they are speaking with. This includes details about the user's bank account, credit card information, or passport information.

Verify if a package appears suspicious: If any person receives a call regarding a suspicious package, do not hesitate to contact FedEx directly by calling their customer service hotline or by visiting their verified website. It is necessary to provide them with the tracking number as well as other relevant details that will enable them to confirm the status of the shipment and verify the validity of any claim they may be making. 

The best way to keep financial and personal information secure online is by using a strong, unique password for every account, enabling multi-factor authentication whenever available, updating the software, and keeping an eye out for links and attachments that seem suspicious or suspicious in an email or message. 

Please report any suspicious activity to the appropriate authorities. Victims should inform local law enforcement agencies as well as the Cybercrime Division if they suspect that they have encountered scams or fraudulent activity. Moreover, inform the courier company involved, such as FedEx, of the incident, so that the company can investigate the matter and provide any relevant information necessary to aid them in their efforts. 

Make sure friends, family members, and colleagues are aware of scams and fraudulent schemes by sharing information with them. The more people are aware of these scams, the more likely they are to be protected from them and to contribute to making the online environment a safer one.

CID (Criminal Investigation Department) is in the process of deciphering the methodologies and modus operandi of scammers so that they can locate their pockets and find out how they operate. In Bengaluru, where the CID runs its Centre for Cybercrime Investigation Training and Research, the agency imparts focused training to the CID’s sleuths for them to stay one step ahead of criminals in their pursuit of nefarious activities.

Lapsus$ Attackers Gained Access to a Support Engineer's Laptop, as per Okta

 

According to Okta, a quick inquiry into the posting of screenshots that appeared to depict a data breach discovered they are linked to a "contained" security incident that occurred in January 2022. 

After the LAPSUS$ hacking group shared screenshots on Telegram which it claimed were taken after gaining access to "Okta.com Superuser/Admin and several other systems," Okta, an enterprise identity, and access management business, initiated an investigation. 

Lapsus$ is a hacking gang that has risen through the ranks by supposedly breaking into the networks of high-profile companies one by one to collect information and threaten to disclose it online until blackmail payments are made.

Sitel, Okta's third-party provider of customer support services, was hacked by the Lapsus$ data extortion gang. "The Okta Security team was notified on January 20, 2022, a new factor had been added to a Sitel customer service engineer's Okta account. It was a password which served as this factor" Okta explains. "Though this individual approach was unsuccessful, it reset the account and contacted Sitel," says the company, which then hired a top forensic agency to conduct an investigation. 

Okta is a publicly-traded corporation based in San Francisco with thousands of users, including several technology companies. FedEx, Moody's, T-Mobile, JetBlue, and ITV are among the company's top clients. 

"Lapsus$ is infamous for extortion, threatening victims with the publication of sensitive information if demands are not met," said Ekram Ahmed, a Check Point spokesperson. "The gang boasts of infiltrating Nvidia, Samsung, and Ubisoft, among others." The public has never fully understood how the gang was able to penetrate these targets. 

Okta claims it was unaware of the scope of the event in January, believing it to be restricted to a failed account takeover attempt aimed at a Sitel support engineer. Sitel's hiring of a forensics firm to investigate the incident and prepare a report also assured Okta at the moment the situation didn't need to be escalated any further.

The stock price of Okta dropped about 20% in less than a week after the company's clumsy announcement of the January hacking event. At first, Okta CEO Todd McKinnon described the event as an "attempt" by malicious attackers to hack a support engineer's account. However, it was eventually discovered the problem had affected 2.5 percent of Okta's clients (366 in total). Sitel's support engineers have restricted access to Jira requests and support systems, but they are not allowed to download, create, or delete client records. 

According to Okta, the screenshots posted by the Lapsus$ group were taken from a compromised Sitel engineer's account with limited access. Regardless, the corporation voiced dissatisfaction with the amount of time it took for the investigation's findings to be released.

FedEx and DHL Express Hit with Phishing Attacks

 

Researchers reported on Tuesday that they discovered two email phishing assaults targeting at least 10,000 mailboxes at FedEx and DHL Express that hope to extract client's work email account. In a blog published by Armorblox, the researchers said one assault impersonates a FedEx online document share, and the other claims to share shipping details from DHL. The phishing pages were facilitated on free services like Quip and Google Firebase to deceive security technologies and clients into thinking the links were legitimate.

“The email titles, sender names, and content did enough to mask their true intention and make victims think the emails were really from FedEx and DHL Express respectively,” said researchers with Armorblox on Tuesday. “Emails informing us of FedEx scanned documents or missed DHL deliveries are not out of the ordinary; most users will tend to take quick action on these emails instead of studying them in detail for any inconsistencies.” 

The phishing email spoofing American multinational delivery services company FedEx was entitled, “You have a new FedEx sent to you,” with a date that the email was sent. This email contained some data about the document to make it seem legitimate – like its ID, the number of pages, and kind of document – alongside a link to see the supposed document. On the off chance that the recipients clicked on the email, they would be taken to a file facilitated on Quip. Quip, which comes in a free form, is a tool for Salesforce that offers documents, spreadsheets, slides, and chat services. 

A separate campaign impersonated German international courier DHL Express, with emails telling recipients that “Your parcel has arrived,” with their email addresses towards the end of the title. The email told recipients that a package couldn't be conveyed to them because of incorrect delivery details – and that the parcel is rather ready for pickup at the post office. The email provoked recipients to look at appended “shipping documents” if they want to receive their delivery. The attached document was an HTML file (named “SHIPPING DOC”) that, when opened, previewed a spreadsheet that looked like shipping documents.