Fake FedEx Account Takeover Phishing Scam
Phishing emails impersonate FedEx's security team to harvest FedEx account credentials. A compromised FedEx account exposes saved addresses, payment methods, and business shipping data, and can be used to redirect in-transit shipments or commit billing fraud.
Part of: Account Takeover Scams
Last reviewed: 7 June 2026
FedEx accounts — particularly FedEx Delivery Manager accounts for consumers and FedEx Ship Manager accounts for businesses — store a significant amount of valuable data: delivery addresses, payment cards, shipment histories, and in the case of business accounts, negotiated rate cards and shipping API integrations.
Scammers send account-security phishing emails claiming that unusual activity was detected on the recipient's FedEx account and that immediate verification is required to prevent suspension. The email's purple-and-orange FedEx branding and official-sounding language are designed to trigger a reflexive login response.
The real FedEx security team communicates account alerts through your registered email and directs you to sign in at fedex.com directly. FedEx supports two-factor authentication for account security, and enabling it is one of the most effective defences against credential-theft attacks.
How this scam works on the FedEx brand
The phishing email reads: 'FedEx Security Alert: We detected suspicious access to your account from a new device. Please verify your credentials immediately to secure your account: [link].' The link opens a convincing replica of the FedEx.com login page.
Once credentials are captured, the attacker logs in to the real FedEx account, adds a new delivery address, and requests redirections for any in-transit packages to that address. For business shipping accounts, the attacker may also create and print fraudulent shipping labels that charge to the account.
Some variants also attempt to capture two-factor authentication codes by forwarding them in real time from the victim's real FedEx account to the phishing page — a technique known as real-time phishing or adversary-in-the-middle phishing.
Common red flags
- Unsolicited email claiming unusual FedEx account access with a verify-now link
- Link goes to a non-fedex.com domain
- Email address is not from @fedex.com
- No corresponding alert when you log in directly to fedex.com
- Urgency: 'account locked in 24 hours if not verified'
- Phishing page also asks for two-factor code immediately after password entry
- Email uses generic greeting rather than your account name
How to protect yourself
- Log in to FedEx by typing fedex.com directly — never via an email link
- Enable two-factor authentication on your FedEx account
- Change your FedEx password immediately if you suspect compromise
- Check saved addresses and in-transit shipment redirect settings for unauthorised changes
- Report the phishing email to [email protected]
How to report it
- Forward the phishing email to [email protected]
- Report to the FTC at reportfraud.ftc.gov
- Report to the FBI IC3 at ic3.gov if financial loss occurred
- Contact FedEx customer service if your account was accessed
- Report phishing sites to your national cybersecurity centre
Frequently asked questions
What can a criminal do with my FedEx account?
A stolen FedEx account can redirect in-transit packages to a new address, expose saved payment methods, generate fraudulent shipping labels on business accounts, and harvest stored addresses for further fraud.
How does two-factor authentication protect my FedEx account?
With 2FA enabled, logging in requires both your password and a one-time code sent to your phone or email. Even if a phisher captures your password, they cannot access the account without the second factor — unless they also intercept it in real time.