Delivery Notice Phishing
Picking a Target
Phishing operators want to get the most bang for their buck just like the rest of us. How do cybercriminals do this? By targeting groups with a lot of people in them.
Eighty percent of Americans shop online. Whether to avoid the crowds, to take advantage of a good deal, or to ship directly to that friend or family member out of town, many of us buy online. That means many of us expect to get delivery notices to our email or mobile phone. Updates are great, but beware of clicking through. Cybercriminals are hoping you won’t pay attention.
What Threats Are Out There?
How many variations on the standard phish can you imagine?
Phishing emails or texts have included links to download fake package tracker apps. Only after the app was loaded did the victim discover they had loaded malware onto their devices.
Some phishing schemes pose as tracking notices that link to pages asking to “confirm” a victim’s identity. The information gathered was useful in stealing their identity. It also could have been used to
Certain phishing messages posing as failed delivery notices claim the shipping was $2.20 short and steal from victims directly.
Typosquatting sites do not depend on a text or email lure. The lure is the website itself, which is spelled similarly to the true website. When a victim keys in the website name incorrectly and finds the sort of form they anticipated, they fill in the requested credentials without a second thought. The bad actors then have the proper credentials to enter at the true website and gain control over the victim’s delivery account. (Typosquatting is not exclusive to delivery notice phishing.)
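A defender-side check for the typosquatting case described above, as an added example that is not part of the original article: it compares the host in a link against a short allowlist of carrier domains and flags near-misses. The carrier list, the distance thresholds and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist of carrier sites the user really uses (not from the article).
CARRIERS = ("ups.com", "usps.com", "fedex.com", "dhl.com")

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = [], list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # swapped neighbours
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify(url):
    """Return (verdict, carrier); verdict is carrier, lookalike, brand-in-other-domain or unrelated."""
    host = (urlsplit(url if "//" in url else "//" + url).hostname or "").rstrip(".")
    for c in CARRIERS:
        if host == c or host.endswith("." + c):
            return "carrier", c
    # Simplification: treat the last two labels as the registered domain
    # (a real filter would consult the Public Suffix List).
    registered = ".".join(host.split(".")[-2:])
    for c in CARRIERS:
        limit = 1 if len(c) <= 8 else 2  # short names tolerate fewer edits
        if osa_distance(registered, c) <= limit:
            return "lookalike", c
    tokens = set(host.replace("-", ".").split("."))
    for c in CARRIERS:
        if c.split(".")[0] in tokens:
            return "brand-in-other-domain", c
    return "unrelated", None

# Constructed sample links, not taken from any real message.
SAMPLES = [
    "https://www.fedex.com/track",
    "http://fedxe.com/track",
    "https://uspss.com/redelivery",
    "https://usps.parcel-update.example/confirm",
    "https://example.org/newsletter",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(classify(link), link)
```

A mail filter or browser extension could run a check like this on every link and warn on anything that is not an exact carrier match; a short threshold keeps false positives down but will still flag some legitimate short domains.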
How Can You Avoid Taking the Bait?
Let's keep it simple.
- Do not...
- ...download any order or package tracking app you did not find from the carrier itself.
- ...give out personal information to track a package. All you should need is your tracking number.
- ...pay shipping for an item separately from when you ordered it.
- ...click on a shipping link sent to your email or mobile phone unless you specifically requested it.
- Do...
- ...bookmark the webpages for popular delivery companies so you do not enter a typo and go to the wrong site.
- ...track your package either from the delivery company’s app or by visiting your bookmarked website.
- ...enable multifactor authentication whenever possible.
- ...keep your eye out for any other phishing red flags.
If you’re interested in a more in-depth look, you can get more details on how one recent delivery notice phishing scheme works from Brian Krebs’s blog here.
Can Frontline Help?
Managed IT clients have access to email security features like filters that keep the bulk of phishing attempts out of your inbox. Filters will never catch every attempt, but they certainly help! So can ongoing phishing awareness training, which is also available.
ABOUT FRONTLINE TECHNOLOGY LLC
Frontline Technology is one of the only ministry-focused IT companies that is led by pastors and ministry leaders. With over 20 years' experience serving organizations of all sizes, Frontline understands the unique needs, budgets, and technology challenges of nonprofits.
Technology is often perceived as complicated and expensive. Many nonprofits struggle to implement the technology solutions and security needed to drive their mission forward. Frontline Technology helps nonprofits overcome their technology challenges so they can stay focused on their mission.
For nonprofits of every type and size: We Keep IT Simple