The Holiday season is almost in full swing – and we are all expecting something nice. With the increase of online shopping and subsequent deliveries, cybercriminals have gotten quite adept at creating fake delivery phishing scams. These delivery-phishing messages have been on the rise in the past few years. They are widespread and common in all languages.
There is a good reason to be on the guard when getting delivery messages via email or text messages. This year AwareGO teamed up with the Icelandic Post for an awareness video on online delivery phishing scams. We’re sharing it to one and to all this Holiday season. It demonstrates how the cyber-Grinches try to steal the holiday cheer with fake delivery notifications.
The language of phish
Why collaborate with Iceland Post? Well, even though we work globally AwareGO is at its roots and Icelandic company.
Iceland is a small island in the middle of the Atlantic Ocean. Only around 370,000 people speak Icelandic, a complex and very rare language. Despite this fact it isn’t too small or obscure for cybercriminals. Every year thousands of delivery phishing scams are sent to Icelanders in the name of Iceland Post and other delivery services. Nations with globally spoken languages and millions of people must therefore be an even more desirable target. If Icelanders aren’t safe from cyber attacks and phishing scams, we can assume that no one is.
Delivery phishing scams are becoming more elaborate than ever before. They are often very exact clones of the official delivery and shipping messages. One of the unintended consequences of better machine translation is that cybercriminals can now target even larger geographic areas with accurate text messages!
How to avoid falling for delivery phishing scams
To avoid falling for delivery phishing scams – there are few things that you should keep in mind:
- An official delivery service will only use their official domain for any sort of communication. They will never use a link-shortening service such as tiny-url or bit.ly to lead you to their website.:
a) Check if the email has the correct domain: [email protected] (correct) vs. [email protected] (wrong)
b) Hover over links with your mouse to reveal where they lead. Make sure they have the correct domain: localdeliveryservice.com (correct) vs. localdeliveryservice123.com (wrong)
Click the sender’s address and hover over links before you react.
- Instead of clicking the link in the email, type the correct domain of the delivery service into your browser. On the official site, check the tracking number if one has been provided. If they have no record of the package the email is a scam. Delivery emails that don’t provide a tracking number are likely also scams.
- Sense of urgency is often an indicator of phishing. Messages that create a sense of urgency – act now or the holidays are ruined – are a common sign of phishing.
- If you’re expecting a package, follow the tracking via the official tracking service of your delivery service. That way you know when they’re coming, and are not easily fooled by delivery phishing scams.
Every year hundreds of millions are stolen from the general public due to phishing scams. Make sure to stay safe. Stop – Think – and Double check whether things are looking good and fine before acting on something. There is no reason to let the cyber-Grinches of the world steal your holiday cheer!
Happy Cybersecure Holidays from the AwareGO team
Sign up for our newsletter so you won’t miss out on more free videos and great cybersecurity advice. If you need cybersecurity training for your organization you can try our platform and content out for free! No credit card or commitment needed.
