Fake FedEx Browser-Update Malware Popup Scam
Malicious websites triggered by FedEx-branded phishing links display a convincing browser-update popup that, when clicked, downloads malware instead of a legitimate update. The real FedEx website never prompts a browser update as a condition of viewing tracking information.
Part of: Fake Browser Update Malware Popups
Last reviewed: 8 June 2026
Browser-update popups are a long-established malware delivery method, and scammers have now integrated them into FedEx-branded delivery phishing campaigns. A victim receives a FedEx phishing email claiming a shipment notification is available; when they click to view it, a popup appears over the loading page warning that their browser is out of date and must be updated to continue.
Clicking the update button downloads an executable file disguised as a browser installer — Chrome_Update.exe or Firefox_Update.msi — which is actually a trojan, ransomware dropper, or infostealer. Because the user's attention is on expecting to view a FedEx tracking page, the popup is processed as a routine computer maintenance step rather than a security threat.
FedEx does not require any browser update before displaying tracking information. If a FedEx-related URL triggers a browser-update popup, the page is not from FedEx.
How this scam works on the FedEx brand
The phishing email contains a View Tracking Details button. Clicking it opens a page that briefly shows FedEx branding before a full-screen overlay appears: Your browser requires an update to display shipment documents — Update Chrome now to continue. The button downloads an executable with a legitimate-sounding file name.
The malicious file requests administrator permissions during installation. Once granted, it installs a remote-access trojan or information-stealing software. The fake update page then redirects to the real fedex.com to mask the malware delivery.
Variants of this campaign adapt the popup to the victim's detected browser — showing a Firefox popup to Firefox users and a Chrome popup to Chrome users — to increase credibility.
Common red flags
- A FedEx-related link triggers a browser-update popup before displaying tracking information
- The popup is a full-screen overlay rather than a browser notification in the address bar
- The update button downloads an EXE, MSI, or ZIP file rather than redirecting to the browser's official update mechanism
- FedEx link leads to a domain other than fedex.com
- The pop-up appeared on a page that is not directly from fedex.com
- The update filename contains words like Setup, Installer, or Update alongside a browser name
- Browser update is described as required to view a document — real tracking pages load in any current browser without updates
How to protect yourself
- Close the tab immediately if a browser-update popup appears on a page triggered by a delivery email link
- Update your browser through the browser's own menu — Help > About in Chrome or Firefox — never through a popup on a website
- Access FedEx tracking only at fedex.com by typing it in the address bar
- If you downloaded and ran the file, disconnect from the internet and run a full security scan immediately
- Check whether administrator permissions were granted to the installer and revoke them if so
- Change passwords for banking, email, and any accounts stored in your browser
- Report the phishing email to FedEx
How to report it
- Forward the phishing email to [email protected]
- Report to the FTC at reportfraud.ftc.gov (US) or Action Fraud at actionfraud.police.uk (UK)
- Report the malicious domain to Google Safe Browsing
- Report to CISA at cisa.gov/report if malware was executed
- File at ic3.gov if financial loss occurred
Frequently asked questions
Does FedEx require a browser update to view tracking information?
No. fedex.com tracking pages are accessible in any current, major browser without requiring an update. A page that demands a browser update before displaying FedEx content is not a genuine FedEx page.
How do I safely update my browser?
For Chrome, go to the three-dot menu, then Help, then About Google Chrome. For Firefox, go to the three-bar menu, then Help, then About Firefox. Both browsers check for and apply updates automatically through these built-in channels. Never use a website popup to update your browser.
I ran the fake update file. What are the immediate steps?
Disconnect your device from the internet immediately. Run a full scan with a reputable security tool. Check your browser for unfamiliar extensions and remove them. Change passwords for all sensitive accounts, especially banking and email, from a different, unaffected device.