LANSING, Mich. (WLNS) Amid record-breaking Black Friday and Cyber Monday e-shopping, Check Point Researchers urge holiday shoppers anticipating package deliveries to watch out for delivery scams. Hackers are impersonating Amazon, DHL and FedEx, by sending “Track your Shipment” or “Delivery Issue” emails to trick holiday shoppers into giving up their personal details for financial fraud.
Key Highlights from the Report
- 440% global increase in shipping related phishing emails in November, compared to October
- 427% increase in delivery phishing emails in USA
- Amazon is the most imitated brand in USA, where 65% of delivery phishing emails are fake Amazon emails
To help users stay protected against phishing scams, here are 6 tips:
- Never share your credentials: Credential theft is a common goal of cyberattacks. Many people reuse the same usernames and passwords across many different accounts, so stealing the credentials for a single account is likely to give an attacker access to a number of the user’s online accounts.
- Always be suspicious of password reset emails: If you receive an unsolicited password reset email, always visit the website directly (don’t click on embedded links) and change your password to something different on that site (and any other sites with the same password).
- Verify you are using a URL from an authentic website: One way to do this is not to click on links in emails, and instead click on the link from the Google results page after searching for it.
- Beware of lookalike domains: Spelling errors in emails or websites, and unfamiliar email senders.
- Always note the language in the email: Social engineering techniques are designed to take advantage of human nature. This includes the fact that people are more likely to make mistakes when they are in a hurry and are inclined to follow the orders of people in positions of authority. Phishing attacks commonly use these techniques to convince their targets to ignore their potential suspicions about an email and click on a link or open an attachment.
- Watch for misspellings: Beware of misspellings or sites using a different top-level domain. For example, a .co instead of .com. Deals on these copycat sites may look just as attractive as on the real site, but this is how hackers fool consumers into giving up their data.