A Phishy Holiday

Naughty or nice, we all know that jolly Santa will eventually make it down your chimney. Whether old Saint Nick is wearing his signature red suit this year, or a courier delivery uniform, you can be certain cybercriminals are also looking for ways to take advantage of the naughty-or-nice list. This holiday season, cyber- grinches around the world are preparing to dampen your holiday spirit.

Delivery phishing is fake delivery notifications received in your email — they look very legitimate, as if they’ve been delivered directly from your local postal service. These nefarious emails often ask you to transfer money for some urgent tax reasons or to schedule a delivery time with them to avoid having the package returned. Many of the messages also contain a link that, when clicked, takes you to a spoofed payment processing website or causes the download of annoying malware. Be extra vigilant when it comes to delivery notifications during the holidays. 

Delivery smishing is fake delivery notifications via text messaging. They frequently include links asking you to check the status of delivery, or because there may be an issue with your delivery, or that you need to transfer money to complete your delivery. Remember to examine any messages about incoming deliveries before clicking any strange links from unknown sources. Cybercriminals might want your personal information, your money, or to install malware on your device.

How to protect yourself from delivery phishing and smishing:

  1. Learn how to identify legitimate website links (URLs) and email addresses. Verify online that they match the company’s official website address or email address.

www.realdeliverycompany.com vs. www.rea1de1iveryc0mpany.com

urgent@yourdelivery.com vs. urgent@yourde1ivery.com

ups@ups.com vs. ups@ups-is-the-best.com

2. An official delivery notification will never send you a link using common link-shortening services such as Bitly or TinyURL. They will never look like this: bit.ly/urgent-delivery-request. 

3. Always track shipped packages using the tracking code you received with your order purchase confirmation. You can use the tracking number to verify whether your package is on the way and where it currently is located.

4. If you’re asked for payment, carefully review the reason and all details before paying anything. There may be legitimate reasons for extra charges in some cases, such as taxes or tariffs, or the unexpected size/weight of the item. Regardless, these requests should always originate from legitimate sources. If in doubt, contact the delivery company directly using the contact information listed on their official corporate website.

Delivery phishing emails often ask you to transfer money for some urgent tax reasons or to schedule a delivery time with them to avoid having the package returned.

Contact Global Learning Systems today to learn more about our security awareness and anti-phishing training to help your employees learn best practices to keep information safe at home, at work, and on the go.
GLS Logo

Enjoying our cybersecurity blogs?

Try out our weekly security awareness tips, sent directly
to your inbox.
GLS Logo

Your download is complete!

Need more training?