[Scam Of The Week] Don't Fall For This Trick: “Start your 2020 with a gift from us”

Paul Ducklin at Naked Security warned us about a scam that just surfaced. It promises a gift sent by courier from overseas, where the other person hasn’t told you what they’re sending and the courier company doesn’t deliver the item directly.

Sometimes you get an email saying that the item is delayed because customs want to inspect it; or there’s import duty; or there’s an extra fee if you can’t collect it from the depot yourself. And to help you get through the paperwork easily, there’s often a tracking code and a clickable link in the email.

You can see where this is going, because cybercrooks love to copy real life on the grounds that it’s easier to lull you into a false sense of security when you’re following a process that feels familiar. Like this email that a Naked Security reader received last weekend:


A free Macbook Pro for just $1! Yeah, right.

As we mentioned above, scams like this aren’t so far away from real life, because emails from courier companies that document unexpected import and delivery charges are not that unusual, and neither are gifts during the holiday season. Moreover, being gifts, they’re often a surprise that you don’t find out about until either you or customs officials open the package. Well, don't fall for this kind of seasonal trick.

I suggest you send the following to your employees, friends and family. Feel free to copy/paste/edit: 

ALERT: Bad guys are sending phishing emails that claim there is a free New Year's gift from overseas waiting for you. It's a scam. Here are four reminders about phishing emails like this:
  • Beware free gifts. Seriously, there is no such thing as a free lunch. Don’t give out personal data to organizations or people you’ve never heard of.
  • Beware courier emails. When sending or receiving items by courier, get in contact with the recipient or sender by phone – to let them know about the courier company you’re using and to provide a tracking number you can both trust.
  • These days most cybercriminals are using "HTTPS" websites because everyone expects a padlock in the address bar. But the padlock doesn’t mean you are on a legit site, just that you are on a site with an HTTPS certificate.
  • Do not click on links in emails. Ever. Go to your browser and type in the address of the site.

If you are a KnowBe4 customer, we have a ready-to-send template for you under our Current Events category. I suggest you send it to your full user population very soon. Here is how it looks:


Let's stay safe out there. Below is a link to our new free Phishing Security Test, translated into 20+ languages!

Warm regards,

Stu Sjouwerman,

Founder and CEO, KnowBe4, Inc.


Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before the bad guys do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

Here's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

