BBB Alert: Cyber Criminals Pose as FedEx, UPS, and Wal-Mart to Trick Consumers this Holiday Season

December 18, 2008

Better Business Bureau is warning consumers to keep their guard up and their wits about them in order to fend off a new string of phishing e-mails making the rounds this holiday season.

Hackers and scammers are pretending to be customer service personnel from some of the biggest names in business, including FedEx, UPS, and Wal-Mart. They impersonate well-known companies that do a lot of business this time of year, specifically retailers and shipping companies, in order to quickly earn recipients’ trust and gain access to computer drives, files and accounts, from which they steal personal information such as Social Security, bank or credit card numbers.

“While most of the country is spreading peace and love this holiday season, cyber criminals are spreading computer viruses and stealing identities and information,” said Andy Fisher, BBB spokesperson. “Hackers using e-mail phishing messages are conning consumers by posing as trusted businesses such as Wal-Mart, FedEx and UPS this time of year to take advantage of the seasonal increase in online shopping and shipping of merchandise all across the country.”

Following are three phishing e-mails that BBB has spotted and that con artists are relying on this holiday season to take advantage of consumers:


Hackers have created phishing e-mails that pretend to be from shipping companies and claim that there is a problem with the delivery of merchandise. Commonly, the e-mail will include a hyperlink for recipients to click that will take them to another Web site that might install malware or solicit personal information. A message currently making the rounds has a subject line that looks like, “Subject: Tracking Number 13040065504.” The body of the message claims that a package couldn’t be delivered and advises the recipient, “To take your package back you should print the copy of invoice that is in the added file.” Of course, the attachment is actually a virus that will infect the computer if opened.

BBB ADVICE: Instead of clicking on the link in the e-mail, go directly to the shipper’s Web site or contact the company via phone in order to confirm whether there is a shipping problem with your package. Do not open attachments to unsolicited e-mails.

Surveys Offering Holiday Spending Cash

In an effort to take advantage of cash-strapped holiday shoppers, phishing e-mails are circulating that pretend to be from retailers such as Wal-Mart. One e-mail has a subject line that reads, “Online Survey from Wal-Mart Stores!!!” The body of the message states, “This survey has been sent only to a few people from our random generator!”, and “You’ve been selected to take part in our quick and easy 9 questions survey. In return we will credit $90.00 to your account - Just for your time!” The e-mail includes a link to a Web site where the recipient is supposed to take the survey, but the link in fact leads to a phishing site.

BBB ADVICE: Do not respond to unsolicited e-mails that promise money for answering surveys. Spam e-mails that offer big rewards with little effort will almost invariably cost you in the end.


E-cards are an extremely popular, and inexpensive, way to deliver season’s greetings to loved ones. Typically, with legitimate e-cards, the recipient receives an e-mail with a hyperlink that will take the user to the e-card, which is housed on a Web site. Unfortunately, by design, e-cards are an extremely easy way for hackers to disguise their phishing e-mails and direct users to Web sites that install viruses and malware.

Consumers should think twice before clicking on a link in an e-card e-mail as the hackers will often use logos from recognized brands and companies in order to appear legitimate.

BBB ADVICE: Phishing e-mails posing as e-cards can be difficult to spot. Spelling and grammatical mistakes are a huge red flag. Also, don’t follow the link in an e-card if you don’t recognize the name of the sender.

Consumers who receive suspicious e-mails should report them to the Internet Crime Complaint Center at