Holiday Package or Scam Message? Clickers Beware

Holiday Package or Scam Message? Clickers Beware Javvad Malik KnowBe4As we enter the holiday season, we start getting bombarded with amazing offers and often take advantage of not only grabbing ourselves a bargain, but also stockpiling gifts for friends and family. During this time, not a day goes by where we do not receive a couple of packages, to the extent that we often become friendly on a first name basis with the delivery drivers.

With so many incoming packages, it can be easy to forget what one has ordered until after they open the box. A friend of mine referred to this as Amazonesia – the act of ordering something from Amazon and then completely forgetting about it until it arrives. While a forgotten order can end up being a pleasant surprise, it does allow criminals and scammers to take advantage of the situation with package delivery scams. 


One of the most popular scams is where you receive an SMS or email telling you that a package is inbound, with a link to track the package or by some other hook to entice you into clicking the phishing link. Oftentimes, they will convey a sense of urgency, such as asking people to click to confirm their order or it will be returned and they could be charged. Clicking the link can infect your device with malware, or it may direct you to a form that requires personal information or payment information, which can allow criminals to steal your identity or money. 

Another slight variation on this scam is the missed package trick, where you may receive an email or a physical note through your letterbox claiming that an attempt was made to deliver a package to you but failed. There is either a link or sometimes a phone number provided and you are asked to call to reschedule the delivery. Whether it is a link or phone call, in both cases, you will be asked to provide personal details as in the first variation. 

Some of the red flags to look out for include:

  • Unexpected requests for money
  • A sense of urgency to take immediate action
  • Requests for personal or financial information
  • Unfamiliar or misspelled domains

It is always better to be prudent. If you receive suspicious emails, SMS or phone calls, rather than clicking on the link provided, instead go to the delivery carrier's website directly or use the retailer's tracking tools to verify the sender's identity to avoid these types of scams.

Get Your Free 2023 Holiday Security Awareness Resource Kit

It's the busiest time of year for everyone, especially cybercriminals. They know surges in online shopping, holiday travel and time constraints can make it easier to catch users off their guard with relevant schemes. This makes one of the busiest times of year one of the most important times for your employees to stay vigilant against cybersecurity threats.

 That's why we put together this resource kit to help ensure no chunks of cyber-coal end up in your employees’ stockings this season! Use these resources to help your users make smarter security decisions every day.

Holiday-Resource-Kit-2023Here's what you'll get:

  • New! Holiday Cybersecurity World Passport interactive game
  • Two free holiday training modules, available in multiple languages
  • Resources to share with your users, including an educational video, plus security documents and digital signage to reinforce the free modules included in the kit
  • Newsletters about holiday shopping and travel safety for your users
  • Access to resources for you to help with security planning for the upcoming year

Get Your Free Resource Kit Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Subscribe To Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews