With many retailers closed amid the second wave of the Covid-19 pandemic, delivery-related phishing scams quadrupled in volume across Europe during November 2020 amid record levels of online shopping ahead of the holidays. DHL accounted for 77% of the total volume of shipping fraud, followed by Amazon (37%) and FedEx (7%), according to Check Point.
In a new alert issued on December 1, Check Point warned shoppers of a likely continued increase in phishing campaigns in which cybercriminals posing as trusted delivery services to commit financial fraud.
Delivery scams will generally be designed to trick their recipients into revealing their personal details by pretending to involve some kind of delivery problem or to offer shipment tracking, both playing on widespread fears about missed or missed deliveries.
Check Point also warned that malicious actors are targeting both ends of the online shopping experience, having previously documented an 80% increase in phishing campaigns targeting online shoppers with fake special offers. The Israel-based security firm estimates that one in 826 emails delivered worldwide is currently a phishing attempt.
Omer Dembinsky, data intelligence manager at Check Point, said: “Hackers look for the entire shopping experience online, before and after people have made purchases. First, the hackers will send ‘special offers’ to people’s inboxes from their favorite brands.
“Then the hackers will send an email about the delivery of purchases, even if you have bought from a trusted source. Now that Black Friday and Cyber Monday are over, we turn to the other side of the equation, which is deliveries. “
Dembinsky added: “Think twice when opening any post-purchase email this holiday season. The email could be from a hacker. Take a closer look at any email claiming to be from Amazon, DHL, or FedEx. Be on the lookout for spelling mistakes. Be careful with similar domains. It’s clear to us that hackers target online shoppers at every step of the online shopping experience, where the danger is very real before and after making a purchase. “
Globally, Check Point said it had seen similar increases in phishing scams in both North America and the Asia Pacific (APAC). In November, it registered a 427% increase in phishing attempts in the US compared to October, being the main brand impersonated in that geography Amazon, which accounted for 65% of attempts. The increase in APAC was a less pronounced but significant increase of 185%, with DHL amassing 65% of the total number of fraudulent emails.
The guide on how to protect yourself against a phishing scam remains largely unchanged. Users must: protect their passwords and never share or reuse credentials; be suspicious of any unsolicited password reset email; Check the URLs of an authentic website, never click on links in emails, but run a search and visit from there; check for similar domains that include misspellings, different top-level domains (.uk, .com, etc.) or email addresses that do not match the presumed sender; for example, Amazon will never contact you from a Gmail address; and notice the emotional language in an email designed to create a sense of urgency or uncertainty that prompts you to click.