If you’re like most of us, you’ve probably ordered items for delivery at some point during the COVID-19 pandemic. And just like most of us, you’ve noticed delays in shipping no matter where in the country you live.
These delays aren’t happening without good reason, mind you. Shutdowns at postal and shipping facilities have snarled logistical traffic, and even Amazon is struggling to keep up with a record number of orders.
As inconvenient as shipping delays are, that’s nothing compared to the pain scammers are inflicting on people. By masquerading as FedEx, UPS and other shipping companies, these crooks are easily tricking their victims into handing over personal data. Here’s how to stay safe.
Deliveries may be delayed, but scammers are coming out of the woodwork right on cue — preying upon impatient buyers with fake shipping alerts that require “verification” for delivery. In other words, they’re using our reliance on shipping services against us to extort our hard-earned cash.
According to security reports from Kaspersky Labs, there are a few primary ways these criminals are targeting people. The first, and most obvious, involves malicious email attachments that users are supposed to fill out to confirm delivery. Don’t fall for it. Opening the file allows scammers to install a trojan on your computer.
In another variation, criminals claim there has been a delay in your shipment. You’re advised to fill out a document to ensure your package arrives on time. Yes, this too is a malicious attachment. This one is particularly insidious, since it’s based on a real-world problem affecting millions of consumers around the country — shipping delays.
Not all of these emails contain attachments, though. Some will point you to a replicated website that looks nearly identical to a real shipping service site. The image on the left, above, is the fake. The image on the right is the legitimate website. Can you tell which is which?
If you fill in your information per the scam email’s instructions, you’ll be in for a world of hurt. These websites are designed for phishing and will siphon up your information if you type it in.
Scammers are imitating a range of carriers, but the primary examples we’re seeing are FedEx, UPS and DHL. Others may emerge as the scam campaign continues.
It just goes to show how far criminals are willing to go to scam consumers. We’re already on our toes thanks to COVID-19, so it’s a pain in the neck that we have yet another problem to worry about on top of virus risks.
Avoid getting scammed
So, what can you do to protect yourself? It all starts with common sense and knowing the tricks cybercriminals rely on.
- If you get any kind of email regarding a delivery confirmation or delay in your shipment, ignore it.
- If you’re genuinely concerned about your order, take a moment to give the shipping service a call. Have your tracking number handy. There is no reason to engage with an email that requests personal information, no matter how real it seems.
- Avoid emails with attachments at all costs. Unless someone you know explicitly says they will be sending an email with an attachment, don’t open it.
- Look carefully at the language used in the email or on the site. In several of the examples above, the English is poorly constructed and the syntax flimsy.
- Don’t click a link from an email or do a Google search for how to contact a shipping company. Type the address directly into your browser.
Unlike obviously scammy emails, phishing websites are far more realistic. The information is directly copied from the websites they’re based on, after all. To avoid getting tricked, pay close attention to the URL.
Look for spelling mistakes, extra characters or words, or odd extensions like .net. Scammers will also replace a single letter with one that looks similar, like a zero for the letter “O” or “l” for “i.” Don’t click shortened URLs, either. You never know where these will lead.
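The URL checks described above can also be applied automatically, for example when triaging reported emails. The following Python is an added example, not part of the original article; the carrier domain list, the shortener list, the lookalike-character map and the sample URLs are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: official domains for the three carriers the article names.
CARRIERS = {"fedex": "fedex.com", "ups": "ups.com", "dhl": "dhl.com"}
# Assumption: a small sample of link shorteners; extend for real use.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
# Lookalike characters folded onto the letter they imitate.
FOLD = str.maketrans({"0": "o", "1": "l", "i": "l", "3": "e", "5": "s"})


def classify(url: str) -> str:
    """Return a verdict for the hostname of a link claiming to be a carrier."""
    # urlsplit only finds a hostname when a scheme or leading // is present.
    host = urlsplit(url if "://" in url else "//" + url).hostname or ""
    host = host.rstrip(".")
    if host in SHORTENERS:
        return "shortened"  # destination is hidden, treat as untrusted
    for official in CARRIERS.values():
        if host == official or host.endswith("." + official):
            return "official"
    # Compare whole tokens so "groups.example.org" does not match "ups".
    # Limitation: a brand glued to other text ("fedexdelivery") is not caught.
    raw = re.split(r"[.-]", host)
    folded = re.split(r"[.-]", host.translate(FOLD))
    labels = host.split(".")
    for brand in CARRIERS:
        if brand.translate(FOLD) not in folded:
            continue
        if brand not in raw:
            return "lookalike-characters"  # brand appears only after folding
        if len(labels) == 2 and labels[0] == brand:
            return "odd-extension"  # right name, wrong ending (e.g. .net)
        return "extra-words"  # brand padded with extra words or labels
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample links; none of them is fetched.
    samples = [
        "https://www.fedex.com/en-us/tracking.html",
        "http://fedex.net/track",
        "https://fedex-delivery-verify.example/confirm",
        "https://www.dh1-express.example/",
        "https://bit.ly/3abcXYZ",
        "groups.example.org/list",
    ]
    for link in samples:
        print(f"{classify(link):22} {link}")
```

A verdict other than "official" means the link should not be followed; type the carrier's address into the browser instead.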
If you did manage to get hooked thanks to a shipment scam, don’t panic — you’re not alone. Millions of people are struggling under the weight of fraudulent logins and phishing attempts with highly accurate web portals.
Be sure to change your most critical passwords — especially for any site that has your financial information — to something stronger before hackers have a chance to muck with your data. Strong passwords with two-factor authentication are key to securing your accounts from hackers.
If you put in payment details, contact your bank and cancel your card.
As real as these emails and websites look, they’re only dangerous if you choose to interact with them. The biggest strength of phishing campaigns is also their greatest weakness: If the fish don’t bite, the phisher won’t catch anything.
BY JAMES GELINAS, KOMANDO.COM