Cybersecurity has become a crucial element of running a promotional products business. It’s an unfortunate reality, but ransomware incidents and cybercrimes are increasingly targeting different companies in the industry.

A new study conducted by a cybersecurity company reports some harrowing statistics involving shipping and logistics carrier.

Phishing With FedEx

Phishing is one of the most common forms of cybercrimes, so much so that the White House felt compelled to officially warn businesses of the threat in 2022.

  • Criminals use phishing to trick the user into letting them into their files to steal, disrupt or hold files ransom.
  • This is not the obvious phishing of 10 years ago, which was typically easy to identify.
  • Phishing has increased in sophistication and number of attempts, which, combined, increase the probability of any given company being successfully victimized.

Impersonation is the most likely tactic of a phishing scam.

  • The cybersecurity firm Cloudflare released a report of the most common brands impersonated through successful phishing scams (defined by causing victims to click on the phishing URL).

The report showed that shipping and logistics companies rank among the top ways phishing scammers approach potential victims.

  • FedEx, a PPAI Affinity Partner, is ranked 40th on Cloudflare’s list of most impersonated brands.
  • Much higher on the list is the carrier service DHL, which is ranked fourth on the list.

Shipping and logistics companies are impersonated because doing business with a carrier can mean getting updates about the status of your delivery, or requiring action to receive an order or address a delay.

  • When a business needs to receive a shipment, they typically need that shipment on schedule.
  • For that reason, they may rush to open an email that contains only minor differences from what a real email from FedEx might look like without taking the time to consider it might be a scam to gain access to their computer.

The Real FedEx Has Advice

FedEx’s statement on possible fraud is as follows:

“FedEx does not request, via unsolicited mail, text or email, payment or personal information in return for goods in transit or in FedEx custody. If you receive any of these or similar communications, do not reply or cooperate with the sender. If your interaction with the website resulted in financial loss, you should contact your bank immediately.”

A few warning signs that FedEx warns customers to be on the lookout for:

  • A sense of urgency

While your shipment is likely an urgent matter to you, FedEx emails, texts or calls will not rush you to act or appear pushy in their language or tone. Urgency leads to quick decisions, which is what scammers are hoping for.

  • Requests for personal or financial information.

FedEx’s systems are organized from the initial phase of doing business. If the company requests money or personal information while a shipment is supposed to be in route, take a step back and visit FedEx’s customer service page and get in touch with a representative.

  • Spelling or grammatical errors.

These are telltale signs of phishing. Be sure to look at the exact email address. It may be slightly different from what an official FedEx email address would appear as.

Take Best Practices Seriously

Whether the criminal is impersonating FedEx, PayPal or the CEO of your company, you are very likely to be targeted by a phishing scam.

A cyber crime can be reported to the Internet Crime Complaint Center of the Federal Bureau of Investigation.

PPAI has a few best practices and considerations that the organization follows internally and advises of members.

  • Consider how much access to systems, data and files each employee needs in order to be able to do their job. The less any compromised device has access to, the less reach that threat has.
  • When archiving data for reference, consider making it ‘Read Only’ so users can look at it but not alter it.
  • PPAI urges companies to be constantly updating their cybersecurity prevention and security plans to keep up with evolving threats. PPAI’s security road map looks very different than it did even just last year.
  • Train all your employees to be on the lookout for phishing scams.

If you are successfully hacked in a phishing attack that turns into a ransomware attack, you may receive a message claiming your computer is infected and demanding you to call a number or pay an amount or take an action.

  • At that point, it may seem too late.
  • Nonetheless, immediately unplug your machine and contact your IT department, as the damage can potentially be mitigated.