Cyber scammers don’t take any time off for the holiday season. In fact, they’re working overtime to take advantage of the spirit of giving. Giving to them, that is. By now consumers know that packages left outside their homes are up for grabs by package pilferers. Consider those the good old days. The latest cyber scam is preying on your predictable fear that those boxes won’t arrive on your doorstep at all.
All the shipping giants: Amazon, FedEx, UPS and the USPS are reporting email delivery scams their customers are falling victim to, especially this time of year. According to the FTC, this email scam has been around for years, but is particularly at risk for online holiday shoppers. Malware, ransomware, and credit card theft from these bogus emails are only part of what this epidemic is spreading.
The emails sent to those expecting package deliveries are invading inboxes everywhere. They all count on exploiting the fear that your package will not arrive because of a made-up delivery glitch. Listed below are some of the more popular email themes being used. And remember, if it looks phishy it probably is.
- Courier was not able to deliver parcel xxx1234
- Please confirm your delivery shipment
- Problems delivering item xxx1234
- Please confirm shipment and delivery information to receive your package
- To get your shipment, you must open the attachment and verify your credit card details
1. FedEx and UPS want customers to know they never send unsolicited emails about package deliveries. All big shipping services direct consumers to visit their specific website directly and log into your account. From there you’ll be able to find out if that worrisome email is a scam.
2. The visual appearance of these emails looks very legitimate, including logos and graphics styles. Be assured they are fakes. Also look for misspellings and bad grammar. Cyber thieves may know how to use a keyboard for theft, but often not for spelling.
3. Never click on a link before verifying the address. Hover over the link to see where it’s really taking you, including checking for accurate spelling. Best not to click an unknown or shady address at all. Type the URL yourself directly into the browser so you’re positive where you’re going, and double check it’s spelled correctly. “Typosquatters” are out there hoping to hook you with a phishing scam. Also look for the lock icon in the address bar, and always start a URL with https://.