Shopping season is upon us once again! For sure, with the influx of seasonal promotions, online receipts, shipping data and tracking information, your email inbox will probably be inundated with messages from both online and brick-and-mortar stores alike.
These shopping emails can get overwhelming and of course, the ever-opportunistic scammers will try and slip a quick email scam on unsuspecting shoppers. In fact, email phishing scams remain the most widespread method for stealing customer information.
There's one particular phishing scam that's making the rounds again and watch out! It can easily fool you if you're not paying attention.
Delivery phishing scam
This tricky scheme involves fraudsters sending fake delivery notification emails that appear to be from shipping services like USPS, UPS, or FedEx.
These fake emails typically contain subject lines similar to these:
- We could not deliver your parcel
- Please Confirm Your Shipment
- Problems with item delivery
- Delivery Receipt | Confirm
- Your order is ready to be delivered
- Courier was unable to deliver the parcel
- Your package is here please download attachment to view detail and confirmation of your address
The emails can look so convincing since they use an address similar to the company's name and even company logos to fool you. The goal for the scammers, of course, is to get you to click a link within the email.
Here are a few examples of the text they use to trick you into clicking:
- Package could not delivered, click here to redeliver the package.
- Print the attached form and bring to your local post office to pick up your package.
- Click here to authorize the release of the package. It’s held up at the post office or customs.
Whatever you do, do not click on these links! Why? The consequences can be quite disastrous.
The link could take you to a phishing site that will request your account information (account logins and credit card details). This site will look very similar to the legitimate site you intended to reach. If you bite, then it's game over. The scammers will have everything they'll need.
The other possible result is that attachments or malicious links could be hiding malware. If you click and accidentally install this malicious software, your device could be infected with software that spies on you, steal your information or you could even be hit by ransomware. Bad news, all around.
Shipping verification scam
Another version of this scam will have someone call you about the delivery of a gift addressed to your home.
The "agent" will tell you that in order to process the delivery of the item, you will be required to pay a "verification fee." The scammer will then ask you for a credit or debit card number so they can "process the fee" and proceed with the delivery.
This is all bogus, of course, so please don't fall for it!
Never provide your personal information, including your name, address, or credit and debit card numbers over the phone. Do not provide this information even to the "delivery man" who's dropping off an item at your front door.
Gift deliveries addressed to you shouldn't require any fees. You shouldn't be charged for any verification fees, processing fees or delivery fees when receiving a gift delivery. If you need delivery or tracking information, always verify it directly with the online shopping company.
Avoiding phishing attacks
Criminals are always trying to stay ahead of the curve, delivering malicious links in numerous ways. Here are some things you can do to avoid being a victim of phishing scams:
Be cautious with links
If you get an email or notification from a site that you find suspicious, don't click on its links. It's better to type the website's address directly into a browser than clicking on a link. Before you ever click on a link, hover over it with your mouse to see where it is going to take you. If the destination isn't what the link claims, do not click on it.
Check for https
If you're divulging sensitive information to a website, especially a money transaction, always double-check if you are on a secure connection, signified by a padlock and the prefix https on the address bar. Hovering your cursor on a link or copying and pasting from your clipboard will reveal if a link has a https prefix or not.
Double check the URL spelling
When typing a URL into your browser, take the time to verify you're spelling it correctly. With typosquatting, misspelling a URL could lead to a phishing scam.
Watch for typos
Phishing scams are infamous for having typos. If you receive an email or notification from a reputable company, it should not contain typos. Before clicking on a link, hover over it and check for spelling. The safest move is to type the URL into your browser, with the correct spelling of course.
Use multi-level or two-factor authentication
When available, you should be using multi-level authentication. This is when you have at least two forms of verification, such as a password and a security question before you log into any sensitive accounts.
Have strong security software
Having strong protection on your family's gadgets is very important. The best defense against digital threats is strong security software.
Watch out! Clever Amazon delivery scam spreading all over the country.
There's another tricky delivery scam that is designed to outsmart Amazon's sophisticated tracking system. Click here to learn how to spot it.