Since the start of the pandemic, attackers have been finding newer and more inventive ways to leverage current events to target users through malicious emails. It is important to note that parcel carriers will not typically request customers to fill out any document attached to an email, but instead would use web-portals at their well-known websites to manage deliveries. Users should be suspicious of emails from parcel carriers when no packages are expected through that carrier’s service. The emails which have been seen in this campaign have varied in sophistication—some include standard disclaimers and messages at the bottom, including an unsubscribe link. Other messages have utilized poor spelling and grammar, including the use of “pls” in places of the word please. In this instance, very simple protection from this campaign even when a package is expected is to navigate to the carrier’s website and check there for messages and package status. If a Remote Access Trojan is installed on a corporate workstation, it can be used by attackers to cause major damage to the company’s data and brand. In addition to email filtering and employee education, it is important to monitor workstations and servers for attacker activity and quickly cut off any unauthorized remote access to corporate computers. More information on this incident can be found at https://www.bleepingcomputer.com/news/security/fake-fedex-and-ups-delivery-issues-used-in-covid-19-phishing/