neilbar

iMessage hack from Fedex with web address

Posted (edited)

Hi

I am learning why it is vital to have Malwarebytes on a Mac - but I have a question please

Some background:

The UK BBC has reported an iMessage hack and suggests users update Macs to the latest OSX 10.13, I am not in a position to do that, using 10.13.6.

I received this iMessage supposedly from Fedex,

Your FedEx package is due for delivery by 02/09. To reschedule, go to [link removed] before 23:59. To opt out, reply STOP

It took me to a very convincing looking 'Fedex' website where I had to add my postcode to "log in", then that shows a package ID number, which Fedex do not recognise.

Their interest in this issue seems rather minimal. Perhaps mistakenly I presumed that an address starting with "https://www.fedex.com" was guaranteed to be OK, but maybe not? Fedex don't seem interested in confirming one way or the other. Going to that shortened link for sure looks like Fedex (and almost the same as the one above, just with some info pre-filled in on the form), but who knows.

First Fedex replied:

"Dear Mr. Barstow,

Regrettably, your email did not provide the FedEx tracking number used for the shipment.

Despite our efforts to locate it we have been unsuccessful. We would like to review this further for you, but in order to do so, we would need the FedEx tracking number used, the date the package was tendered to FedEx, and the shipper's and recipient's name and full address.

It would be helpful if you could also confirm if the package has been sent from an International location or shipped within the UK.

Should you require any further assistance please do not hesitate to contact me or our Customer Relations Team."

I replied:

"Hi
this really is Catch 22, I seem to be in an inescapable corner!
I didn't know someone was sending me something via Fedex, either UK or international?
[however I do have a parcel coming from the USA on USPS, but they don't use FedEx for international - do they?]
What started this all off was that I received an SMS text message, so there MUST be a shipment!
the message:
Your FedEx package is due for delivery by 02/09. To reschedule, go to [link removed] before 23:59. To opt out, reply STOP
I don't know where the shipment is coming from, that’s what I was trying to find out by using the "unique shipment code" produced in your web interface [by clicking that link], surely that must link to the shipment in your system because I am offered the opportunity to
Why your programmers didn't use the standard tracking number there escapes me
can you help please?"

Then, later:

"Thank you for your email and bringing this to my attention.

I can assure you that this email has not been generated by FedEx or any of our subsidiaries. I would suggest you do not open any attachment, delete the email and run an anti-virus scan. Our security department is currently working with various agencies to combat any fraudulent activity that implicates FedEx and its logo. If you receive any further emails of this nature please forward them to abuse@fedex.com.

Once again, thank you for taking the time to alert us to this matter."

As it wasn’t an email, and there was nothing about the web address being OK or not, I am still concerned.

I ran Malwarebytes, it came up with "clean", that's a relief - there's nothing in the Library/Application Support/Malwarebytes/MBAM/quarantine folder, so I guess nothing was found?

 

so my question (at last)

 

Am I safe?

Would Malwarebytes reliably find the Mac 'iMessages' malware? How fast do you guys keep up with these threats?

 

thanks so much, what a fab app you made

Edited by treed
link contained personal information

1 hour ago, neilbar said:

The UK BBC has reported an iMessage hack and suggests users update Macs to the latest OSX 10.13, I am not in a position to do that, using 10.13.6.

Can you give us a link to this UK BBC report please? The only thing I can find at the moment is a threat to the iMessage app on iOS 12 platforms.

I'm not understanding this. 10.13.6 is the latest version, along with Security Update 2019-004 for High Sierra. What exactly are you not in a position to accomplish?

If the address when you hover over the hyperlink is actually

https://www.fedex.com

and when you click on it that's where you end up with a padlock preceding the site name, you should be able to trust that the site is legitimate.

1 hour ago, neilbar said:

Am I safe?

Would Malwarebytes reliably find the Mac 'iMessages' malware? How fast do you guys keep up with these threats?

No, Malwarebytes is not able to intercept and judge an SMS message received by iMessage and you won't be safe from this iMessage threat until your macOS is fully up-to-date.

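As an added example (not part of the original posts, and not Malwarebytes or FedEx code): the hover-and-check advice above depends on the real hostname of a link, not on the text the address starts with. The function name `check_link`, the trusted domain setting and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "fedex.com"  # domain the reader expects to land on (assumption)

def check_link(url, trusted=TRUSTED_DOMAIN):
    """Return (verdict, reason) for a link, judged by its real hostname."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".").lower()
    if parts.scheme != "https":
        return ("reject", "not https")
    if not host:
        return ("reject", "no hostname")
    if parts.username is not None:
        # Everything before '@' is userinfo, not the site being contacted.
        return ("reject", f"userinfo present, real host is {host}")
    if any(label.startswith("xn--") for label in host.split(".")):
        # Punycode labels can render as look-alike characters; treat as suspect.
        return ("reject", f"punycode label in {host}")
    if host == trusted or host.endswith("." + trusted):
        return ("ok", f"host {host} is within {trusted}")
    if trusted in host:
        return ("reject", f"{trusted} appears inside {host} but is not its suffix")
    return ("reject", f"host {host} is unrelated to {trusted}")

# Constructed sample links (.example is a reserved, non-resolving TLD).
SAMPLES = [
    "https://www.fedex.com/",
    "http://www.fedex.com/",
    "https://www.fedex.com.parcel-update.example/track",
    "https://www.fedex.com@parcel-update.example/track",
    "https://www.fedex.com-delivery.example/track",
    "https://short.example/abc123",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(check_link(link), link)
```

A shortened link has to be judged by the address it finally lands on, so run the check on the URL shown in the address bar after the redirect.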

The link you posted included a code to identify the shipment, so I removed that.

The link appeared to be a legitimate link to the Fedex website. I'm not seeing anything that would indicate this was malicious in any way.


Hi Alvarnell

 

thanks for your help, I am very grateful

I have searched again and the only BBC post I can find now is here: https://www.bbc.co.uk/news/technology-49165946

my Mac OSX is up to date within High Sierra 10.12x, of course Apple are beyond OSX 10.13 now - so I can't install the latest version of OSX.

I could get nothing from Fedex about this message, in the end I received another from the same number that did include a tracking number and later a parcel, so they seem like a bunch of idiots given their support could not recognise the ref number accessed via the original message.

thanks lots


Treed,

thanks for the reassurance

I thought it looked OK, I am amazed that Fedex could not look at their own link and confirm they'd sent it.

Anyhoo this whole thing has got me thinking more seriously about my online security so something good came out of it.

 

thanks man

 

10 minutes ago, neilbar said:

the only BBC post I can find now is here: https://www.bbc.co.uk/news/technology-49165946

That's what I suspected. The vulnerabilities described involved iOS devices (iPhones, iPads, etc.), and although they existed for many years, they were patched back in February, so no known impact to macOS iMessages. I can't guarantee that there aren't other High Sierra iMessage vulnerabilities that have not been patched, but I'm not aware of any off the top of my head and High Sierra should be supported with any needed Security Updates for another year or so.

In any case, I'm glad you finally got to the bottom of it, despite lack of FedEx support.


Alvarnell thanks

I swear I saw an article about updating Macs to the latest OSX to get around the iMessage bug, but hey, I can't find it now.

again, I appreciate your kind attention

N


There was an August notice to macOS 10.14.6 users to run another Supplemental Update (and tvOS, watchOS & iOS) to correct a regression Kernel issue, but that didn't involve iMessage directly. If you are curious, you can read the details here: https://lists.apple.com/archives/security-announce/2019/Aug/index.html.


Alvarnell

thanks

I am frustrated I can't find the article that said update Macs to OSX 10.14, but if there is no iMessage OSX vulnerability that's cool

good to know

 

again, much appreciated

Neil

