Spot the three dominant FedEx scam-email patterns in 2026 — customs fee, delivery rescheduling, and account-suspension phishing — with the verification rules that defeat them.
Last reviewed: 13 May 2026 · ScamSupport research
Why FedEx is the most-impersonated international courier in UK scam emails
FedEx is the courier most often spoofed in UK consumer phishing because the brand is associated with cross-border shipments, where UK recipients legitimately expect customs and duty charges. That expectation is precisely what scammers exploit. Report Fraud’s 2025 reporting placed courier-impersonation phishing among the top three delivery scam categories, with FedEx, UPS and DPD scams accounting for a significant share of customs-fee phishing alongside Royal Mail and Evri.
UK customers buying anything from the US, mainland China, or non-EU markets are particularly vulnerable. Real customs charges do apply to imports valued over £135 (VAT) or with a customs duty band — so a request for a small fee is plausible. The scam works because it’s indistinguishable from a real one without checking the domain and the FedEx tracking page directly.
Three FedEx scam-email variants currently in circulation
Subject: “Action required: pay £2.99 customs fee to release your shipment”
Body: A polished message with the FedEx logo informs you that a shipment from overseas is being held pending payment of a small customs handling fee. A “pay now” link routes to a slick checkout page that collects full card details.
Red flags:
The amount is suspiciously small. Real customs handling fees from FedEx UK are not £1.99 / £2.99 token amounts — they’re calculated from the shipment value and tariff codes. A small fee is deliberately under risk thresholds; the data harvest from full-card-detail entry is the actual value extracted.
The sender domain is not fedex.com. Real FedEx emails come from @fedex.com or @fedex.global. Anything else — fedex-uk-clearance.com, fedex-customs[dot]net, fedexuk-fee[dot]co.uk — is a typosquat.
You don’t have an outstanding shipment. Many recipients never ordered anything from abroad. Verify by checking your actual purchases against the “tracking number” in the email.
The page collects full card details for a tiny amount. Legitimate FedEx customs payments are processed via FedEx’s tracking portal at www.fedex.com/en-gb/tracking — not via a stand-alone email link.
Urgency “shipment will be returned in 24h”. Real FedEx holds shipments for several days before any return-to-sender action and notifies the sender as well as the recipient.
Body: A message claiming the courier attempted delivery while you were out and asking you to click a link to reschedule. The link routes to a fake FedEx page that collects address details, contact details and sometimes a “security deposit” to confirm the rescheduling.
Red flags:
Real FedEx leaves a paper InfoNotice (a yellow door tag) at the address, not just an email. If there’s no physical card and no shipment you were expecting, the email is highly likely fake.
FedEx reschedules via fedex.com/track or the FedEx Delivery Manager — never via a stand-alone link in an email. Log in to your account directly to check.
“Security deposit” is invented. FedEx does not charge a fee to reschedule a delivery to an existing address.
Generic addressing. “Dear Customer” without your name is a phishing signal. Real FedEx emails use the name on file.
Variant 3 — FedEx Business Account suspension / verification
Subject: “Your FedEx Business Account has been temporarily suspended”
Body: Targeted at small businesses, this email claims the FedEx business account has been flagged for unusual activity. To restore access, the recipient is asked to click through to verify business details, login credentials and bank-account-on-file information.
Red flags:
Real FedEx business-account suspensions are communicated through your designated account manager and via login messages on fedex.com, not via stand-alone “verify now” emails.
The login domain is a typosquat. Real FedEx business login is at www.fedex.com/secure-login. Variants like fedex-secure-update.com, fedex-business-verify[dot]net are fakes.
They ask for bank-account-on-file details. Real FedEx already has these on file. Asking to “verify” them is a credential-harvest pretext.
Business-account scams escalate. Once criminals have access, they ship goods at the victim’s expense, exfiltrate customer data, or pivot to the victim’s linked banking. Higher-value than consumer phishing.
How to verify a FedEx email is genuine
Read the sender domain. Real FedEx emails come from @fedex.com or country-specific subdomains under fedex.com. Anything else is suspect.
Go to fedex.com/track directly — not via a link in the email. Type the tracking number from the email into the official FedEx tracking page. If the shipment is real and there’s a genuine action required, FedEx’s own tracking page will show it.
UK customs are processed transparently. Real FedEx UK customs invoices include a breakdown of VAT, duty and FedEx’s clearance admin fee. The breakdown is visible in your fedex.com account, not just by email.
Call FedEx UK customer service on 03456 070 809 (the number listed on fedex.com/en-gb/contact) if you’re unsure. Real FedEx will be able to tell you immediately whether you have an outstanding charge.
Report scam FedEx emails to abuse@fedex.com (FedEx’s official phishing-report address). FedEx’s security team uses these reports to take down scam infrastructure.
If you’ve already clicked a fake FedEx link
Card details entered: call your bank’s fraud line on the number on the back of your card. Cancel and replace the card. Reference any unauthorised transactions under the PSR Mandatory Reimbursement Scheme.
FedEx account credentials entered: change your password at www.fedex.com/secure-login, sign out all sessions, and enable additional authentication. Notify FedEx via abuse@fedex.com.
Personal details entered (DOB, address, ID document numbers): consider CIFAS Protective Registration — protects your credit file for 2 years against follow-on identity fraud.
Report the email to report@phishing.gov.uk (NCSC Suspicious Email Reporting Service). NCSC takes down over 100,000 scam URLs each month using these reports.