‘Tis the Season: Holiday Package Schemes Provide Scam Opportunities
With retail store closures and safety/wellness concerns, many consumers shifted to online shopping. In fact, 2021 Black Friday sales alone resulted in $8.9 billion in revenue. Unfortunately, the combination of increased online shopping, desperation to get deals, and consumers tracking their purchases creates a ripe environment for cybercriminals. Scammers craft very convincing phishing attacks via email or text (smishing) messages, alerting consumers to order updates, shipping delays, and other mishaps. The Federal Communications Commission (FCC) warns that these package delivery attacks can be used to steal personal and financial information and to deliver malicious payloads, including ransomware.
A shipping notification scam is a type of phishing scam where a fraudster contacts the victim claiming to be a mail carrier, delivery service, retailer, or ecommerce brand via phone call, email, or SMS message and says that they were unable to deliver a package as expected.
The messages will often contain a link to a false tracking number, which either directs the user to a phishing website or directly downloads malware onto the device being used to access the message. The messages often imitate the branding of large courier companies, which can add to their perceived legitimacy.
Additionally, the messages typically ask the intended victims to verify private information and payment details to “reschedule” the delivery, in an attempt to commit identity or financial fraud.
In a different variation, false package delivery notifications contain attachments that, once clicked to open, install malware such as ransomware on the individual device or network.