The holiday season is a time of joy for families everywhere. Or, at least it is supposed to be. While people are scurrying around looking for gifts to fill the empty space under their Christmas trees, hackers and scammers are lying in wait planning how to make it a very Merry Christmas…for them.
The Scam
Emails are being sent out as notices from shipping service companies. The message states that they (UPS, FedEx, DHL, etc.) showed up to your door to deliver a package you ordered, but no one was home. Now, you must download and print a form to take to the post office in order to avoid any fees, penalties or cancelled order. It will prompt you to click the link within the text or download the attachment to access this form. The scam is: there was no missed delivery because they aren’t really a delivery service and the link or attachment you’ve just clicked is actually a virus that is stealing personal information from your device.
The Federal Trade Commission noted in 2014 that this popular phishing scam becomes especially prevalent during the holidays, as this is the time of year when the most packages are being delivered. Now, in 2016, reported instances of the “missed package delivery scam” are at an all-time high.
How to Spot a Phishing Email
Cyber criminals will often make the emails look very convincing by including official logos and similar email addresses of reputable shipping service companies such as UPS, FedEx and the U.S. Postal Service to gain your trust. But, with some vigilance, you can be sure you don't fall victim to the scam. Some of the ways you can spot a phony email notice are:
- It asks for you to verify/ update financial or personal information – this is a big red flag. Reputable shipping companies will not ask you for this information via email.
- It asks you to take some type of action – any email that requests for you download a file, open an attachment or follow a link to their website should immediately raise some suspicion.
- The email address is altered – always be wary of email addresses that don’t match those listed on the company’s website. Be sure there are no numbers, dots, hyphens, underscores or any other unusual symbols included, as these could be signs of a phony email.
- The email contains no receipt or confirmation details from your order – shipping services will often include a receipt of your order, the product details and/or redacted payment information within the body of a message.
If you notice any of the signs mentioned above, delete the email immediately. Even if you opened the email to read it, as long as you haven’t clicked on any links or attachments you should be safe from damage. For more information on phishing scams, visit the FTC’s Consumer Information Phishing page.
Been a victim of this scam before?
If you have received an email like this in the past, feel free to share your story with us by submitting a complaint. You can also have your privacy-related inquiries answered by the PRC by using the ask a question feature on our website. If you’ve been a victim of this fraudulent act and are looking to protect yourself from possible identity theft, please take a look at our consumer guide How to Reduce Your Risk of Identity Theft or What to Do if It Happens to You.