November saw a spike in phishing emails spoofing shipping companies such as DHL, Amazon, and FedEx, says Check Point Research.
As the 2020 holiday season rolls around, more consumers unable or unwilling to shop in physical stores due to the coronavirus pandemic will turn to online shopping. And while home delivery of items is certainly a convenient option, it also presents a bigger opportunity for cybercriminals.
A blog post published Tuesday by cyber threat intelligence provider Check Point Research examines the recent spike in phishing email notifications that impersonate popular shipping companies and offers advice on how to defend yourself against these types of scams.
SEE: Social engineering: A cheat sheet for business professionals (free PDF) (TechRepublic)
Looking at November, Check Point found a 440% increase in shipping-related phishing emails compared with October. Europe was hit hardest by this jump, with North America and the Asia Pacific (APAC) region next on the list.
In this area, DHL was the most spoofed company in November, comprising 56% of all such phishing emails, followed by Amazon with 37%, and FedEx with 7%.
The results also varied by region. In Europe and APAC, DHL was the most spoofed brand for these types of emails. But in North America, Amazon led the pack with 65% of all such phishing emails impersonating Amazon-shipping related notifications.
These shipping notification scams work by sending people fake messages alerting them to a “delivery issue” or offering “track your shipment” information. The goal is to convince the recipient to share certain confidential details as a way to steal their account credentials or financial data. November is the right time for these types of attacks as consumers who may be aware of traditional fraud attempts might pay more attention to shipping-related emails.
In one campaign, a fake DHL notification warns people that their package is waiting at the post office and can’t be delivered due to incorrect delivery details. The recipient is asked to verify their account and confirm a delivery charge for the package to be released. In another campaign spoofing FedEx, the phishing email points to a problem with the shipping address, requiring the user’s verification. A third campaign exploits DHL with incorrect delivery details and a prompt to enter your shipping information.
To protect yourself against these types of phishing emails, Check Point offers the following tips:
- Never share your credentials or reuse passwords. Credential theft is a common goal of cyberattacks. Many people use the same usernames and passwords across many different accounts, so stealing the credentials for a single account is likely to give an attacker access to several of the user’s online accounts.
- Always be suspicious of password reset emails. If you receive an unsolicited password reset email, always visit the website directly (don’t click on embedded links) and change your password to something different on that site (and any other sites with the same password). Not knowing your password is, of course, also the problem that cybercriminals face when trying to gain access to your online accounts. By sending a fake password reset email that directs you to a lookalike phishing site, they can convince you to type in your account credentials and steal them.
- Verify that you’re using a URL from an authentic website. One way to do this is not to click on links in the emails and instead click on the link from a Google results page after searching for the site.
- Always note the language in the email. Social engineering techniques are designed to take advantage of human nature. People are more likely to make mistakes when they’re in a hurry and inclined to follow the orders of people in positions of authority. Phishing attacks commonly use these techniques to convince their targets to ignore their potential suspicions about an email and click on a link or open an attachment.
- Beware of lookalike domains. Watch out for unfamiliar websites and email senders.
- Watch for misspellings. Beware of misspellings and sites that use a different top-level domain, such as a .co instead of a .com. Deals on these copycat sites may look just as attractive as on the real site, but this is how hackers fool consumers into giving up their data.