PSA: Watch Out For Package Scams

If you receive a message regarding a package from a personal phone number, you should immediately block the sender and delete the message.

For many reasons, consumers have shifted to online shopping. 2021 Black Friday sales numbers resulted in $8.9 billion in revenue alone. Unfortunately, the combination of increased online shopping, desperation to get deals, and tracking their purchases create a ripe environment for cybercriminals. Scammers craft very convincing phishing attacks via email or text (smishing) messages alerting consumers to order updates, shipping delays, and other mishaps. The Federal Communications Commission (FCC) warns that package delivery attacks can steal personal and financial information and deliver malicious payloads, including ransomware. 

Be cautious of delivery notification scam messages and calls

With the holiday season full swing, consumers want to know that their packages will be delivered on time. Thus, holiday package schemes can be a highly successful attack for phishers. The Federal Communications Commission (FCC) warns that these package delivery attacks can steal personal and financial information and deliver malicious payloads, including ransomware. 

According to a cybersecurity company, Proofpoint, researchers have identified a significant increase in holiday-themed smishing attacks, almost double over last year.

Scammers are sending realistic-looking text messages and emails and making phone calls posing as shipping and package delivery companies.

The messages will often contain a link to an incorrect tracking number, which either directs the user to a phishing website or directly downloads malware onto the device used to access the message. The messages often imitate the branding of large courier companies, which can add to their perceived legitimacy. 

Additionally, the messages typically ask the intended victims to verify private information and payment details to "reschedule" the delivery as an attempt to commit identity of financial fraud.

In a different variation, false package delivery notifications contain attachments with once clicked to open, install malware like ransomware on the individual device or network. 

Don't be a victim of a package scam

Here's how to protect yourself during the most wonderful time of the year.

• Do not open suspicious emails or click any links, and especially do not open attachments contained in unsolicited messages
• Be cautious when visiting unknown websites
• Do not provide personal or account information when asked
• Be careful what information you share on social media. Those quizzes that float around on social media may seem like fun, but they can provide identity thieves with the necessary information to impersonate you or answer specific challenge questions
• Be suspicious if a message requires an urgent or immediate response 
• Update all of your passwords and activate two-factor/multi-factor authentication on all of your accounts. This added layer of security will send you a notification immediately if there is an unauthorized login attempt.
• Safeguard your personal information looking for tell-tale signs of phishing messages like suspicious links and improper grammar 

If you do not know the sender of a message, email, or phone call, it is not safe to tap or click links. If a message looks fishy, you're better off reporting and blocking the number and deleting the message.

Source: CUNA Mutual Group, 2021