Holiday Package or Scam Message? Clickers Beware



Holiday Package or Scam Message? Clickers Beware Javvad Malik KnowBe4As we enter the holiday season, we start getting bombarded with amazing offers and often take advantage of not only grabbing ourselves a bargain, but also stockpiling gifts for friends and family. During this time, not a day goes by where we do not receive a couple of packages, to the extent that we often become friendly on a first name basis with the delivery drivers.

With so many incoming packages, it can be easy to forget what one has ordered until after they open the box. A friend of mine referred to this as Amazonesia – the act of ordering something from Amazon and then completely forgetting about it until it arrives. While a forgotten order can end up being a pleasant surprise, it does allow criminals and scammers to take advantage of the situation with package delivery scams. 

 

One of the most popular scams is where you receive an SMS or email telling you that a package is inbound, with a link to track the package or by some other hook to entice you into clicking the phishing link. Oftentimes, they will convey a sense of urgency, such as asking people to click to confirm their order or it will be returned and they could be charged. Clicking the link can infect your device with malware, or it may direct you to a form that requires personal information or payment information, which can allow criminals to steal your identity or money. 

Another slight variation on this scam is the missed package trick, where you may receive an email or a physical note through your letterbox claiming that an attempt was made to deliver a package to you but failed. There is either a link or sometimes a phone number provided and you are asked to call to reschedule the delivery. Whether it is a link or phone call, in both cases, you will be asked to provide personal details as in the first variation. 

Some of the red flags to look out for include:

  • Unexpected requests for money
  • A sense of urgency to take immediate action
  • Requests for personal or financial information
  • Unfamiliar or misspelled domains

It is always better to be prudent. If you receive suspicious emails, SMS or phone calls, rather than clicking on the link provided, instead go to the delivery carrier's website directly or use the retailer's tracking tools to verify the sender's identity to avoid these types of scams.


Get Your Free 2024 Holiday Security Awareness Resource Kit

It’s not just you and your organization getting busier during the holiday season. Cybercriminals are also working overtime! This makes one of the busiest times of year one of the most important times for your employees to stay vigilant against cybersecurity threats.

That's why we put together this resource kit to help ensure cybercriminals’ extra effort this season is for nothing! Use these resources to help your users make smarter security decisions every day.

Holiday-Resource-Kit-2024Here's what you'll get:

  • New! The Gift of Awareness: Holiday Cybersecurity Essentials training module
  • Two free holiday training modules, available in multiple languages
  • Security documents and digital signage to reinforce the free modules included in the kit to share with your users
  • Newsletters about holiday shopping and travel safety for your users
  • Resources for you to help with security planning for the upcoming year

Get Your Free Resource Kit Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://info.knowbe4.com/free-holiday-resource-kit



Subscribe to Our Blog


Comprehensive Anti-Phishing Guide




Get the latest about social engineering

Subscribe to CyberheistNews