The FedEx Email That Salesforce Authenticated and Qualtrics Delivered: Data Harvesting Through Three Layers of Trust

A spearphishing campaign impersonated FedEx by sending fully authenticated emails via Salesforce MTA with Qualtrics survey links requesting non-public shipment and contact details; all technical signals (SPF/DKIM/DMARC and URL scans) appeared legitimate, but social-engineering cues—unverifiable contact addresses, minor localization errors, and a hard deadline—indicate a data-harvesting operation designed to bypass standard gateway detections.