momius – stock.adobe.com
With many retailers closed amid the second wave of the Covid-19 pandemic, delivery-related phishing scams more than quadrupled in volume across Europe during November 2020 amid record-breaking levels of pre-holiday online shopping. DHL accounted for 77% of the total volume of shipping fraud, followed by Amazon (37%) and FedEx (7%), according to Check Point.
In a new alert issued on 1 December, Check Point warned shoppers of a likely continued surge in phishing campaigns in which cyber criminals impersonate trusted delivery services to commit financial fraud.
Delivery scams will generally be designed to trick their recipients into disclosing their personal details by pretending to involve some kind of delivery issue or to offer shipment tracking, both playing on widespread fears around missed or lost deliveries.
Check Point also warned that malicious actors are targeting both ends of the online purchasing experience – having previously documented an 80% increase in phishing campaigns targeting online shoppers with bogus special offers. The Israel-based security firm reckons that one in every 826 emails delivered worldwide is currently a phishing attempt.
Omer Dembinsky, manager of data intelligence at Check Point, said: “Hackers are going after the entire online shopping experience, before and after people have made purchases. First, hackers will send ‘special offers’ to people’s inboxes from their favourite brands.
“Then, hackers will send an email about the delivery of purchases, even if you have bought from a trusted source. Now that Black Friday and Cyber Monday are over, we are turning towards the other side of the equation, which is deliveries.’
Dembinsky added: “Think twice as you open up any post-purchase emails this holiday season. The email could be from a hacker. Take a closer look at any email that alleges it is from Amazon, DHL or FedEx. Watch for misspellings. Beware of lookalike domains. It’s clear to us that hackers are targeting online shoppers at every step of the online shopping experience, where the danger is very real before and after you make a purchase.”
Globally, Check Point said it had recorded similar rises in phishing scams in both North America and Asia Pacific (APAC). It logged a 427% increase in phishing attempts in the US in November compared to October, with the leading impersonated brand in that geography being Amazon, which accounted for 65% of attempts. The increase in APAC was a less pronounced but still significant increase of 185%, with DHL accumulating 65% of the total number of scam emails.
The guidance on protecting yourself against a phishing scam remains largely unchanged. Users should: protect their passwords and never share or reuse credentials; be suspicious of any unsolicited password reset email; verify any URLs from an authentic website, never clicking on links in emails but running a search and visiting from there; check for lookalike domains that include spelling errors, different top-level domains (.uk, .com, and so on) or email addresses that do not match the purported sender – Amazon will never contact you from a Gmail address, for example; and note emotive language in an email designed to create a sense of urgency or uncertainty to lure you into clicking.
In this e-guide, we will explore the links between ransomware attacks, data breaches and identity theft. First, Nicholas Fearn investigates the phenomenon of the double extortion attack, and shares some insider advice on how to stop them, while we’ll explore the top five ways data backups can protect against ransomware in the first place.
Companies need to work on ensuring their developers are satisfied with their jobs and how they’re treated, otherwise it’ll be …
Companies must balance customer needs against potential risks during software development to ensure they aren’t ignoring security…
With the right planning, leadership and skills, companies can use digital transformation to drive improved revenues and customer …
Ransomware incapacitated Baltimore County Public Schools’ network just before Thanksgiving, but the school system said students’ …
A spokesperson for K12 told SearchSecurity that based on the current status of the investigation, the attack did not affect …
A security operations center can help lessen the fallout of a data breach, but its business benefits go much further than that. …
Celona 5G technology uses Citizens Broadband Radio Service spectrum to bring private mobile networking to the enterprise, …
Cisco DevNet certifications require a lot of time investment, but network pros who pursue the certifications say the gained …
Cloud automation use cases highlight the benefits these tools can provide to companies evaluating how best to manage and …
Finding the right server operating temperature can be tricky. ASHRAE standards provide guidance for all server classes and what …
These unexpected charges and fees can balloon colocation costs for enterprise IT organizations.
Off-site hardware upkeep can be tricky and time-consuming. With remote hands options, your admins can delegate routine …
Check out this excerpt from the new book Learn MongoDB 4.x from Packt Publishing, then quiz yourself on new updates and …
MongoDB’s online archive service gives organizations the ability to automatically archive data to lower-cost storage, while still…
Data management vendor Ataccama adds new automation features to its Gen2 platform to help organizations automatically discover …
All Rights Reserved, Copyright 2000 – 2020, TechTarget
Privacy Policy
Cookie Preferences
Do Not Sell My Personal Info