Delivery notifications could dampen the festive mood this holiday as cybercriminals exploit users’ online shopping sprees with phishing messages masquerading as genuine emails from big name delivery brands
Delivery notifications could dampen the festive mood this holiday as cybercriminals exploit users’ online shopping sprees with phishing messages masquerading as genuine emails from big name delivery brands. Research from Kaspersky Lab finds that DHL and FedEx users are being heavily targeted by scammers during the holiday period.
The fraudsters aim is clear: to trick unwitting users to either download a malicious program or enter their confidential data on a phishing site. In one example identified by Kaspersky Lab, an email suggests that the customer’s shipment is at a DHL office but that the recipient needs to follow a link within 48 hours and enter details on the tracking page, otherwise it will be returned to the sender.
However, instead of leading to a DHL site the link takes the user to a phishing page made to look like DHL, where they are prompted to type in their personal information. What makes this scam more convincing and seemingly legitimate to the user is that they are then re-directed to the official DHL website once their details have been gleaned by the scammer. Similar messages have been sent in the name of FedEx, where the victim is directed to a phishing site to enter their account credentials.
“Whilst there is nothing new about these types of scams, they are still proving a successful way for cybercriminals to access user accounts as efforts to dupe unsuspecting victims become more convincing. Amid the chaos and shopping frenzy of the holidays, Internet shoppers receive a vast number of emails from retailers about their purchases. This makes them less likely to spot or scrutinize suspicious emails, increasing the risk of unwittingly giving away their details and access to their account which could ultimately result in monetary theft or worse,” comments Andrey Kostin Senior Web Content Analyst at Kaspersky Lab.
To ensure you don’t fall foul of phishing messages, Kaspersky Lab advises Internet users to remain attentive and vigilant, especially during the holiday period when the risk increases. Never click directly on links in email messages but manually type and visit the URL of the site to ensure the request is genuine. If a page prompts you to enter confidential data, always check the URL in the address bar first and if anything looks suspicious, think twice before entering your details.
To add an additional layer of security and peace of mind, ensure your security software is up to date and includes an anti-phishing tool, such as one in <a href="http://me.kaspersky.com/en/multi-device-security">Kaspersky Internet Security – multi-device</a>, to help keep your personal details safe and your money secure, to ensure you have a happy holiday.
Read more about holiday phishing scams on Securelist.com