Beware of Holiday Package Shipping Scams
With retail closures and safety and wellness concerns due to the pandemic, it is understandable why you might prefer shopping online for the holidays. You are not alone: In fact, 2021 Black Friday sales figures show $8.9 billion in sales alone! Unfortunately, the mix of increased online shopping, desperation to get deals, and tracking your purchases create the perfect opportunity for cybercriminals to strike. Researchers have found a significant increase in holiday-themed “SMiShing” attacks, almost twice as high as last year. With concerns that shipments and packages will be delivered on time, holiday package schemes (shipping notification scams) have proven to be a highly successful means of attack for phishers.
What Is a Shipping Notification Scam?
According to CUNA (Credit Union National Association) Mutual, a shipping notification scam is a type of phishing scam where a fraudster contacts the victim claiming to be a mail carrier, delivery service, retailer, or ecommerce brand via phone call, email, or SMS message and says that they were unable to deliver a package as expected.
How Do These Shipping Notification Scams Work?
Scammers create very convincing phishing attacks via email or text (smishing) messages alerting consumers to order updates, shipping delays, and other mishaps. These package delivery attacks can be used to steal personal and financial information and deliver malicious payloads including ransomware. Here are some common traps included in these phishing or SMiShing messages:
- A link to a false tracking number that either directs the user to a phishing website or downloads malware directly to the device used to access the message
- Branding that mimics large courier companies to make them appear to be more legitimate
- Urgent requests for the intended victims to verify private information and payment details in order to “reschedule” the delivery
In a different variation, attachments, which once clicked to open, install malware like ransomware on the individual device or network
How to Protect Yourself From Shipping Notification Scams
Here are some ways to enjoy getting those online deals while keeping your personal information safe:
- Do not open suspicious emails, click on unverified links, or open unknown attachments.
- Be cautious about visiting unknown websites.
- Don't give your personal or account information when asked. Openly sharing your information on social media can give an identity thief the information needed to impersonate you or answer certain challenge questions.
- Be suspicious of notifications telling you that an “urgent” or “immediate” response is needed or there was an “unauthorized login attempt” of your account.
- Report suspicious messages to your financial institution. You can call PEFCU at (800) 226-6673 if you suspect fraud. We’ll be happy to help.
- Visit the PEFCU Security Center often for minute-by-minute updates about active scams. Have a happy, healthy, and safe holiday this year. Thank you for being a PEFCU member.
Have a happy, healthy, and safe holiday this year. Thank you for being a PEFCU member.