{"id":1356,"date":"2015-09-08T23:26:23","date_gmt":"2015-09-08T22:26:23","guid":{"rendered":"http:\/\/www.halkynconsulting.co.uk\/a\/?p=1356"},"modified":"2015-09-08T23:26:23","modified_gmt":"2015-09-08T22:26:23","slug":"phishing-and-malware-fedex-missed-delivery","status":"publish","type":"post","link":"http:\/\/www.halkynconsulting.co.uk\/a\/2015\/09\/phishing-and-malware-fedex-missed-delivery\/","title":{"rendered":"Phishing and Malware &#8211; FedEx missed delivery"},"content":{"rendered":"<p>It seems that every day, new script kiddies discover the likes of the Social Engineering Toolkit or Metasploit and launch a new wave of phishing attacks. Unfortunately it seems that this time the attackers are too lazy to even try.<\/p>\n<figure id=\"attachment_1357\" aria-describedby=\"caption-attachment-1357\" style=\"width: 300px\" class=\"wp-caption alignright\"><a href=\"https:\/\/i0.wp.com\/www.halkynconsulting.co.uk\/a\/wp-content\/uploads\/2015\/09\/malware.png?ssl=1\" target=\"_blank\"><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"1357\" data-permalink=\"http:\/\/www.halkynconsulting.co.uk\/a\/2015\/09\/phishing-and-malware-fedex-missed-delivery\/malware\/\" data-orig-file=\"https:\/\/i0.wp.com\/www.halkynconsulting.co.uk\/a\/wp-content\/uploads\/2015\/09\/malware.png?fit=732%2C584&amp;ssl=1\" data-orig-size=\"732,584\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"FedEx Delivery Phishing Email\" data-image-description=\"&lt;p&gt;FedEx Delivery Phishing Email &#8211; there is no reason ANYONE should ever open this attachment.&lt;\/p&gt;\n\" data-image-caption=\"&lt;p&gt;FedEx Delivery Phishing Email&lt;\/p&gt;\n\" data-medium-file=\"https:\/\/i0.wp.com\/www.halkynconsulting.co.uk\/a\/wp-content\/uploads\/2015\/09\/malware.png?fit=300%2C239&amp;ssl=1\" data-large-file=\"https:\/\/i0.wp.com\/www.halkynconsulting.co.uk\/a\/wp-content\/uploads\/2015\/09\/malware.png?fit=732%2C584&amp;ssl=1\" class=\"wp-image-1357 size-medium\" src=\"https:\/\/i0.wp.com\/www.halkynconsulting.co.uk\/a\/wp-content\/uploads\/2015\/09\/malware.png?resize=300%2C239&#038;ssl=1\" alt=\"FedEx Delivery Phishing Email - there is no reason ANYONE should ever open this attachment.\" width=\"300\" height=\"239\" srcset=\"https:\/\/i0.wp.com\/www.halkynconsulting.co.uk\/a\/wp-content\/uploads\/2015\/09\/malware.png?resize=300%2C239&amp;ssl=1 300w, https:\/\/i0.wp.com\/www.halkynconsulting.co.uk\/a\/wp-content\/uploads\/2015\/09\/malware.png?w=732&amp;ssl=1 732w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" data-recalc-dims=\"1\" \/><\/a><figcaption id=\"caption-attachment-1357\" class=\"wp-caption-text\">FedEx Delivery Phishing Email<\/figcaption><\/figure>\n<p>Today&#8217;s email &#8211; screenshot on the right &#8211;\u00a0is a reasonably straight forward phishing attempt. The idea is to convince the victim that the attachment is interesting enough to open. When it is opened, bad things happen.<\/p>\n<p>Normally, a phishing attack will put at least a bit of effort in, but not this time.<\/p>\n<p>As you can see, the text itself is very short. This may be an attempt to avoid spam filters but it also has the effect of making this email look like almost NO other commercial email. As an example, When was the last time you got an official email without a pointless disclaimer somewhere?<\/p>\n<p>Secondly it ticks every box in the &#8220;anti-Phishing&#8221; awareness lessons:<\/p>\n<ul>\n<li>The from address name doesnt relate to the displayed address.<\/li>\n<li>It doesnt mention me by name.<\/li>\n<li>The English doesnt make sense.<\/li>\n<li>The dates are the wrong way round (for British people!)<\/li>\n<li>Having an email address of @tauntsociety.com just seems designed to raise suspiciouns.<\/li>\n<li>It makes no sense to send a shipping label by email, let alone have it in a zip file.<\/li>\n<\/ul>\n<p>None of this is encouraging me to open the file. Hopefully no one reading this would open the file either. However, sadly, there are enough people who will, to make the attacks continue.<\/p>\n<h2>Newbie Phishing or did it get some things right?<\/h2>\n<p>Amazingly some parts of this attack are effective, but I dont think that is a result of the phishing source. Its more a case of chance.<\/p>\n<ul>\n<li>The email arrived into Exchange today and was not detected as malicious by two web based mail scanners.<\/li>\n<li>The email was delivered to the client machine and not detected as malicious by the local AV (Avast) or Windows Defender. (This is unusual as a check on the hashvalue at <a href=\"https:\/\/www.virustotal.com\/en\/file\/ceff33248cdc9095373d1867612f24565b1a969107e4caa6b517d108da8a2c2e\/analysis\/1441746991\/\" target=\"_blank\">Virus Total<\/a>\u00a0says Microsoft\u00a0detects it as malware)<\/li>\n<li>The payload is detected by Sophos as a ransomware trojan dropper so any unwitting home users who have run this are likely to either lose all their data or pay the ransom.<\/li>\n<\/ul>\n<p>Ransomware is very big business so it is surprising that the attackers here have gone to the trouble of finding malware less than half the AV clients will detect (and most only with very recent database updates), but spoiled the phishing attack with terrible execution.<\/p>\n<p>Surprising and fortunate for a lot of people really.<\/p>\n<h2>Phishing is here to stay<\/h2>\n<p>The main take-away lesson here is that phishing attacks will never go away. Some will get through every technological defence you have so it is critically important that you secure the human.<\/p>\n<p>There is no escaping this. If your users are not security aware, you <strong>will<\/strong> lose data to these attacks as long as you are on the internet.<\/p>\n<h2>Techie Bits &#8211; The Phishing Attack Path<\/h2>\n<p>Looking at the message headers, it looks like this attack has been launched by someone using a form t0 email script on either a site they manage, or one with very weak controls.<\/p>\n<p>Below is the list of message headers, and I&#8217;ve marked in bold the interesting bits. (<em>And yes, I&#8217;ve redacted a couple of bits because it shows some internal data I dont want webscrapers to pull out of the text, no other reason<\/em>).<\/p>\n<blockquote><p>Received: from [REDACTED] ([REDACTED]) by mx.kundenserver.de<br \/>\n(mxeue106) with ESMTPS (Nemesis) id 0LbeXr-1YonOk26NH-00lDRc for<br \/>\n&lt;REDACTED&gt;; Tue, 08 Sep 2015 07:01:13 +0200<br \/>\nReceived: from gateway36.websitewelcome.com ([50.116.126.2]) by<br \/>\nmx.kundenserver.de (mxeue106) with ESMTPS (Nemesis) id<br \/>\n0Lo4jI-1Z2KB721JA-00fwNj for &lt;REDACTED&gt;; Tue, 08 Sep 2015<br \/>\n07:01:13 +0200<br \/>\nReceived: by gateway36.websitewelcome.com (Postfix, from userid 1000)<br \/>\nid 079D6A7914FD7; Tue, 8 Sep 2015 00:01:12 -0500 (CDT)<br \/>\nReceived: from sheridan.websitewelcome.com (sheridan.websitewelcome.com [192.185.83.170])<br \/>\nby gateway36.websitewelcome.com (Postfix) with ESMTP id 02213A7916142<br \/>\nfor &lt;REDACTED&gt;; Tue, 8 Sep 2015 00:01:12 -0500 (CDT)<br \/>\nReceived: from valence by sheridan.websitewelcome.com with local (Exim 4.85)<br \/>\n(envelope-from &lt;valence@sheridan.websitewelcome.com&gt;)<br \/>\nid 1ZZB1r-000SER-Po<br \/>\nfor REDACTED; Tue, 08 Sep 2015 00:01:11 -0500<br \/>\nTo: REDACTED<br \/>\nSubject: Shipment delivery problem #00963055<br \/>\n<strong>X-PHP-Script: tauntsociety.com\/post.php for 195.228.155.205<\/strong><br \/>\nDate: Tue, 8 Sep 2015 00:01:11 -0500<br \/>\nFrom: &#8220;FedEx 2Day&#8221; &lt;marion.estes@tauntsociety.com&gt;<br \/>\nReply-To: &#8220;FedEx 2Day&#8221; &lt;marion.estes@tauntsociety.com&gt;<br \/>\nMessage-ID: &lt;d82c38c685b2827699dc64547da46f1d@tauntsociety.com&gt;<br \/>\nX-Priority: 3<br \/>\nMIME-Version: 1.0<br \/>\nContent-Type: multipart\/mixed;<br \/>\nboundary=&#8221;b1_4ea1c7b3b292b76548671d11a5513ac6&#8243;<br \/>\nX-AntiAbuse: This header was added to track abuse, please include it with any abuse report<br \/>\n<strong>X-AntiAbuse: Primary Hostname &#8211; sheridan.websitewelcome.com<\/strong><br \/>\nX-AntiAbuse: Original Domain &#8211; halkynconsulting.co.uk<br \/>\nX-AntiAbuse: Originator\/Caller UID\/GID &#8211; [2477 32007] \/ [47 12]<br \/>\nX-AntiAbuse: Sender Address Domain &#8211; sheridan.websitewelcome.com<br \/>\nX-BWhitelist: no<br \/>\nX-Source-IP:<br \/>\nX-Exim-ID: 1ZZB1r-000SER-Po<br \/>\nX-Source: \/opt\/php54\/bin\/php-cgi<br \/>\n<strong>X-Source-Args: \/opt\/php54\/bin\/php-cgi \/home\/valence\/public_html\/tauntsociety.com\/post.php<\/strong><br \/>\n<strong>X-Source-Dir: valencestreet.com:\/public_html\/tauntsociety.com<\/strong><br \/>\nX-Source-Sender:<br \/>\nX-Source-Auth: valence<br \/>\nX-Email-Count: 2<br \/>\nX-Source-Cap: dmFsZW5jZTt2YWxlbmNlO3NoZXJpZGFuLndlYnNpdGV3ZWxjb21lLmNvbQ==<br \/>\nContent-Transfer-Encoding: 7bit<br \/>\nEnvelope-To: &lt;REDACTED&gt;<br \/>\nX-UI-Filterresults: notjunk:1;V01:K0:qdxaUM074Do=:ERu\/AyiRUwE+dkIYUTry1QLuld<br \/>\nRiwUfU76tsxGWh3tj7pO8+nRn2+93rW0rJF\/SYfshLWPyLBZTtkmTI5nPp1KlrYWjeqls+5tM<br \/>\n2Yii7RrJuUdm1835qim6c9yqTBiwuL+ite7F2RDuJzaAKUS4TppyZc\/CZyV09CcSOA4hN8It\/<br \/>\n7weuLi\/lsI9Ni90Bpj2l2UJdkCOSblgS\/wfSVYc7\/VUgT64ibY5VWmRGIlyNEeOuR8KSpdHp0<br \/>\nJKgGwUvHOXR9vSOP6lNhwgeJNWbKWBDnDmqud4C9h3uJUq\/Nf5AcmGG3sVjFrIiMGPAssglbe<br \/>\nOgFpYDplFUOyrRyVqnMf2WrqmbChGruU8RgW7fD9limqkBwAXq8bO0iSjg\/c48W0rnyqwaHZR<br \/>\nzlc4PWu98IDpXgkOllcXAOyZHIoimL7JW8xdXaZCsYkiRMvebQFWG7rYVX2j5gG1KeYR1PdMG<br \/>\namFuVrQL1D5nCpCByoOXIMfIk8dEsH81B+whRv2rUUC3w1rHiIgOMv9NQNRp+7Vp\/aL6xaw6b<br \/>\npVt39gmDo6kF\/OnWxL+pY7tdkrz96aILPs6Smz29I+dDFJ0i0GZtcKMFCdjnfWe+GTkf6TNAp<br \/>\nyJp3xIPCOABU9oauWLaPib3ZFY8rLmxwdrG3lHoceq85oVx0rId4Hm0jgu581hV5dF36T1w62<br \/>\nUd2qputDDhD4Wsmy3Km8tp7x31LkimF3q9VLVPjuBewfHClw1EK1xmvhKyXXm+oKh33NDbm+N<br \/>\n8pFKxmx6xhWz1KxT6cWyzc8nYAGQpESX6w==<br \/>\nX-Antivirus: avast! (VPS 150907-1, 07\/09\/2015), Inbound message<br \/>\nX-Antivirus-Status: Clean<\/p><\/blockquote>\n<p>This appears to show a couple of things:<\/p>\n<ul>\n<li>The attack was launched from a post.php script on tauntsociety.com<\/li>\n<li>The from and reply-to addresses are completely untrustworthy as this is a phishing attack designed to get the victim to open a payload, not reply. This means there is no reason to assume they point to a valid mailbox. However in this instance, they point to one on tauntsociety.com.<\/li>\n<li>The mail went via websitewelcome.com&#8217;s email server using an account called\u00a0<em>valence@sheridan.websitewelcome.com<\/em><\/li>\n<li>Websitewelcome.com appears to\u00a0provided to resellers by HostGator and it appears that\u00a0<em>sheridan.websitewelcome.com<\/em> hosts a CPanel portal for webmail.<\/li>\n<li>Both\u00a0valencestreet.com and tauntsociety.com are registered by the same person at 2400 Valence Street, New Orleans. This appears to be a residential address and the owner has used a gmail account to sign up.<\/li>\n<li>The tauntsociety website looks like it hasn&#8217;t been cared for in a while although there is an associated twitter feed which is very active.<\/li>\n<li>The header data here does not give us any better insight into the source of the phishing attack than it came from &#8220;valence&#8221;.<\/li>\n<\/ul>\n<p>Based on the totality of information here,\u00a0the most\u00a0likely\u00a0attack path is that a malicious party has used the script on tauntsociety to send an email. It is also likely that\u00a0the script is hardcoded to present the valence@sheridan.websitewelcome.com account credentials.<\/p>\n<p>While this instance has been a private individual, who may or may not have the knowledge to properly secure a website, similar attacks happen using corporate servers every day.<\/p>\n<p>At Halkyn\u00a0Consulting we research this out of curiousity, but some attack victims will be reporting it to the police. It may be possible for them to be more accurate than the &#8220;Valence&#8221; account but this is very much a gamble and it is just as likely that websitewelcome.com don&#8217;t store any more details than the credentials used.<\/p>\n<p>As a result, if your company owns sites with scripts that fall out of good management, you will find yourself liable for the misuse. And you really dont want that.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>It seems that every day, new script kiddies discover the likes of the Social Engineering Toolkit or Metasploit and launch a new wave of phishing attacks. Unfortunately it seems that this time the attackers are too lazy to even try. Today&#8217;s email &#8211; screenshot on the right &#8211;\u00a0is a reasonably straight forward phishing attempt. The [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1357,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"footnotes":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true},"categories":[5,3],"tags":[6,133,37,109],"class_list":["post-1356","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","category-securitynews","tag-infosec","tag-malware","tag-phishing","tag-social-engineering","entry","has-media"],"jetpack_publicize_connections":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v19.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Phishing and Malware - FedEx missed delivery<\/title>\n<meta name=\"description\" content=\"Another day, another phishing attack, this time purporting to be from FedEx after a failed delivery attempt. Dont fall for this sort of scam.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/www.halkynconsulting.co.uk\/a\/2015\/09\/phishing-and-malware-fedex-missed-delivery\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Phishing and Malware - FedEx missed delivery\" \/>\n<meta property=\"og:description\" content=\"Another day, another phishing attack, this time purporting to be from FedEx after a failed delivery attempt. Dont fall for this sort of scam.\" \/>\n<meta property=\"og:url\" content=\"http:\/\/www.halkynconsulting.co.uk\/a\/2015\/09\/phishing-and-malware-fedex-missed-delivery\/\" \/>\n<meta property=\"og:site_name\" content=\"Halkyn Security Blog\" \/>\n<meta property=\"article:published_time\" content=\"2015-09-08T22:26:23+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/i0.wp.com\/www.halkynconsulting.co.uk\/a\/wp-content\/uploads\/2015\/09\/malware.png?fit=732%2C584&ssl=1\" \/>\n\t<meta property=\"og:image:width\" content=\"732\" \/>\n\t<meta property=\"og:image:height\" content=\"584\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Halkyn Security\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@HalkynSecurity\" \/>\n<meta name=\"twitter:site\" content=\"@HalkynSecurity\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Halkyn Security\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/2015\/09\/phishing-and-malware-fedex-missed-delivery\/#article\",\"isPartOf\":{\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/2015\/09\/phishing-and-malware-fedex-missed-delivery\/\"},\"author\":{\"name\":\"Halkyn Security\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/person\/3cfcd2267f12bbcce6a10159022c3df2\"},\"headline\":\"Phishing and Malware &#8211; FedEx missed delivery\",\"datePublished\":\"2015-09-08T22:26:23+00:00\",\"dateModified\":\"2015-09-08T22:26:23+00:00\",\"mainEntityOfPage\":{\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/2015\/09\/phishing-and-malware-fedex-missed-delivery\/\"},\"wordCount\":1369,\"commentCount\":4,\"publisher\":{\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#organization\"},\"keywords\":[\"Information Security\",\"malware\",\"Phishing\",\"social engineering\"],\"articleSection\":[\"Security\",\"Security News\"],\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"http:\/\/www.halkynconsulting.co.uk\/a\/2015\/09\/phishing-and-malware-fedex-missed-delivery\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/2015\/09\/phishing-and-malware-fedex-missed-delivery\/\",\"url\":\"http:\/\/www.halkynconsulting.co.uk\/a\/2015\/09\/phishing-and-malware-fedex-missed-delivery\/\",\"name\":\"Phishing and Malware - FedEx missed delivery\",\"isPartOf\":{\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#website\"},\"datePublished\":\"2015-09-08T22:26:23+00:00\",\"dateModified\":\"2015-09-08T22:26:23+00:00\",\"description\":\"Another day, another phishing attack, this time purporting to be from FedEx after a failed delivery attempt. Dont fall for this sort of scam.\",\"breadcrumb\":{\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/2015\/09\/phishing-and-malware-fedex-missed-delivery\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/www.halkynconsulting.co.uk\/a\/2015\/09\/phishing-and-malware-fedex-missed-delivery\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/2015\/09\/phishing-and-malware-fedex-missed-delivery\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Halkyn Security\",\"item\":\"http:\/\/www.halkynconsulting.co.uk\/a\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Security\",\"item\":\"http:\/\/www.halkynconsulting.co.uk\/a\/category\/security\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Phishing and Malware &#8211; FedEx missed delivery\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#website\",\"url\":\"http:\/\/www.halkynconsulting.co.uk\/a\/\",\"name\":\"Halkyn Security Blog\",\"description\":\"Specialist Security &amp; Risk Management Consultants\",\"publisher\":{\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/www.halkynconsulting.co.uk\/a\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Organization\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#organization\",\"name\":\"Halkyn Consulting\",\"url\":\"http:\/\/www.halkynconsulting.co.uk\/a\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/i0.wp.com\/www.halkynconsulting.co.uk\/a\/wp-content\/uploads\/2011\/07\/Untitled-1.png?fit=990%2C170&ssl=1\",\"contentUrl\":\"https:\/\/i0.wp.com\/www.halkynconsulting.co.uk\/a\/wp-content\/uploads\/2011\/07\/Untitled-1.png?fit=990%2C170&ssl=1\",\"width\":\"990\",\"height\":\"170\",\"caption\":\"Halkyn Consulting\"},\"image\":{\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.linkedin.com\/company\/2329571\",\"https:\/\/twitter.com\/HalkynSecurity\"]},{\"@type\":\"Person\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/person\/3cfcd2267f12bbcce6a10159022c3df2\",\"name\":\"Halkyn Security\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/4126abc936773e5e8bd38e030d54306e161190a7d6166dba7edadb6caf13b504?s=96&d=retro&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/4126abc936773e5e8bd38e030d54306e161190a7d6166dba7edadb6caf13b504?s=96&d=retro&r=g\",\"caption\":\"Halkyn Security\"},\"description\":\"Halkyn Security Consultants.\",\"sameAs\":[\"http:\/\/www.halkynconsulting.co.uk\/\"],\"url\":\"http:\/\/www.halkynconsulting.co.uk\/a\/author\/halkyn-consulting\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Phishing and Malware - FedEx missed delivery","description":"Another day, another phishing attack, this time purporting to be from FedEx after a failed delivery attempt. Dont fall for this sort of scam.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/www.halkynconsulting.co.uk\/a\/2015\/09\/phishing-and-malware-fedex-missed-delivery\/","og_locale":"en_GB","og_type":"article","og_title":"Phishing and Malware - FedEx missed delivery","og_description":"Another day, another phishing attack, this time purporting to be from FedEx after a failed delivery attempt. Dont fall for this sort of scam.","og_url":"http:\/\/www.halkynconsulting.co.uk\/a\/2015\/09\/phishing-and-malware-fedex-missed-delivery\/","og_site_name":"Halkyn Security Blog","article_published_time":"2015-09-08T22:26:23+00:00","og_image":[{"width":732,"height":584,"url":"https:\/\/i0.wp.com\/www.halkynconsulting.co.uk\/a\/wp-content\/uploads\/2015\/09\/malware.png?fit=732%2C584&ssl=1","type":"image\/png"}],"author":"Halkyn Security","twitter_card":"summary_large_image","twitter_creator":"@HalkynSecurity","twitter_site":"@HalkynSecurity","twitter_misc":{"Written by":"Halkyn Security","Estimated reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"http:\/\/www.halkynconsulting.co.uk\/a\/2015\/09\/phishing-and-malware-fedex-missed-delivery\/#article","isPartOf":{"@id":"http:\/\/www.halkynconsulting.co.uk\/a\/2015\/09\/phishing-and-malware-fedex-missed-delivery\/"},"author":{"name":"Halkyn Security","@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/person\/3cfcd2267f12bbcce6a10159022c3df2"},"headline":"Phishing and Malware &#8211; FedEx missed delivery","datePublished":"2015-09-08T22:26:23+00:00","dateModified":"2015-09-08T22:26:23+00:00","mainEntityOfPage":{"@id":"http:\/\/www.halkynconsulting.co.uk\/a\/2015\/09\/phishing-and-malware-fedex-missed-delivery\/"},"wordCount":1369,"commentCount":4,"publisher":{"@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#organization"},"keywords":["Information Security","malware","Phishing","social engineering"],"articleSection":["Security","Security News"],"inLanguage":"en-GB","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["http:\/\/www.halkynconsulting.co.uk\/a\/2015\/09\/phishing-and-malware-fedex-missed-delivery\/#respond"]}]},{"@type":"WebPage","@id":"http:\/\/www.halkynconsulting.co.uk\/a\/2015\/09\/phishing-and-malware-fedex-missed-delivery\/","url":"http:\/\/www.halkynconsulting.co.uk\/a\/2015\/09\/phishing-and-malware-fedex-missed-delivery\/","name":"Phishing and Malware - FedEx missed delivery","isPartOf":{"@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#website"},"datePublished":"2015-09-08T22:26:23+00:00","dateModified":"2015-09-08T22:26:23+00:00","description":"Another day, another phishing attack, this time purporting to be from FedEx after a failed delivery attempt. Dont fall for this sort of scam.","breadcrumb":{"@id":"http:\/\/www.halkynconsulting.co.uk\/a\/2015\/09\/phishing-and-malware-fedex-missed-delivery\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["http:\/\/www.halkynconsulting.co.uk\/a\/2015\/09\/phishing-and-malware-fedex-missed-delivery\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/www.halkynconsulting.co.uk\/a\/2015\/09\/phishing-and-malware-fedex-missed-delivery\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Halkyn Security","item":"http:\/\/www.halkynconsulting.co.uk\/a\/"},{"@type":"ListItem","position":2,"name":"Security","item":"http:\/\/www.halkynconsulting.co.uk\/a\/category\/security\/"},{"@type":"ListItem","position":3,"name":"Phishing and Malware &#8211; FedEx missed delivery"}]},{"@type":"WebSite","@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#website","url":"http:\/\/www.halkynconsulting.co.uk\/a\/","name":"Halkyn Security Blog","description":"Specialist Security &amp; Risk Management Consultants","publisher":{"@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/www.halkynconsulting.co.uk\/a\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-GB"},{"@type":"Organization","@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#organization","name":"Halkyn Consulting","url":"http:\/\/www.halkynconsulting.co.uk\/a\/","logo":{"@type":"ImageObject","inLanguage":"en-GB","@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/logo\/image\/","url":"https:\/\/i0.wp.com\/www.halkynconsulting.co.uk\/a\/wp-content\/uploads\/2011\/07\/Untitled-1.png?fit=990%2C170&ssl=1","contentUrl":"https:\/\/i0.wp.com\/www.halkynconsulting.co.uk\/a\/wp-content\/uploads\/2011\/07\/Untitled-1.png?fit=990%2C170&ssl=1","width":"990","height":"170","caption":"Halkyn Consulting"},"image":{"@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.linkedin.com\/company\/2329571","https:\/\/twitter.com\/HalkynSecurity"]},{"@type":"Person","@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/person\/3cfcd2267f12bbcce6a10159022c3df2","name":"Halkyn Security","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/4126abc936773e5e8bd38e030d54306e161190a7d6166dba7edadb6caf13b504?s=96&d=retro&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/4126abc936773e5e8bd38e030d54306e161190a7d6166dba7edadb6caf13b504?s=96&d=retro&r=g","caption":"Halkyn Security"},"description":"Halkyn Security Consultants.","sameAs":["http:\/\/www.halkynconsulting.co.uk\/"],"url":"http:\/\/www.halkynconsulting.co.uk\/a\/author\/halkyn-consulting\/"}]}},"jetpack_featured_media_url":"https:\/\/i0.wp.com\/www.halkynconsulting.co.uk\/a\/wp-content\/uploads\/2015\/09\/malware.png?fit=732%2C584&ssl=1","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p9yHvD-lS","jetpack_likes_enabled":true,"_links":{"self":[{"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/posts\/1356","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/comments?post=1356"}],"version-history":[{"count":4,"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/posts\/1356\/revisions"}],"predecessor-version":[{"id":1361,"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/posts\/1356\/revisions\/1361"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/media\/1357"}],"wp:attachment":[{"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/media?parent=1356"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/categories?post=1356"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/tags?post=1356"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}