Cybersecurity researchers at Group-IB have identified a single scam campaign leveraging over 1500 websites impersonating postal carriers and shippers leading up to Christmas this year.
Scammers are always taking advantage of those current trends that involve the potential for heightened emotions. During tax season it’s tax returns. During the NBA’s Final Four, it’s about sports betting or tickets to the game.
But during Christmas, one of the scams that keeps coming back is anything related to shipping — whether you’re trying to get a package somewhere at the last minute or receive a notification that something’s wrong with one of “your” deliveries, scammers can easily impersonate shipping carriers with little concern that victims will notice, as they are far too focused on ensuring their package gets where it needs to go!
According to new research from Group-IB, a total of 1,539 phishing websites impersonating postal operators and delivery companies since November. But it was the first 10 days of December that shows just how much emphasis is on this type of scam. According to the research, the first 10 days of December saw 34% more fake websites created than the last 10 of November.
Source: Group-IB
Using email- and SMS-based messages regarding “urgent” or “failed” delivery notifications, these scammers use typosquatted (lookalike) domain names to hide their true intent.
While it’s most likely that the intent of such scams is to harvest credit card and login details, it’s possible for organizations to be the actual target, given every one of your employees is doing some personal shopping-related web surfing on company computers. So it makes sense that, despite the fact that Christmas is over, because it will be around next year, employees enroll in new-school security awareness training.
KnowBe4 enables your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
