Cyber Scammers Beef Up the Number of Fake Delivery Websites Just in Time for Christmas

Cyber Scammers Beef Up the Number of Fake Delivery Websites Just in Time for ChristmasCybersecurity researchers at Group-IB have identified a single scam campaign leveraging over 1500 websites impersonating postal carriers and shippers leading up to Christmas this year.

Scammers are always taking advantage of those current trends that involve the potential for heightened emotions.  During tax season it’s tax returns. During the NBA’s Final Four, it’s about sports betting or tickets to the game. 

But during Christmas, one of the scams that keeps coming back is anything related to shipping — whether you’re trying to get a package somewhere at the last minute or receive a notification that something’s wrong with one of “your” deliveries, scammers can easily impersonate shipping carriers with little concern that victims will notice, as they are far too focused on ensuring their package gets where it needs to go!

According to new research from Group-IB, a total of 1,539 phishing websites impersonating postal operators and delivery companies since November.  But it was the first 10 days of December that shows just how much emphasis is on this type of scam.  According to the research, the first 10 days of December saw 34% more fake websites created than the last 10 of November.

Group-IB Image

Source: Group-IB

Using email- and SMS-based messages regarding “urgent” or “failed” delivery notifications, these scammers use typosquatted (lookalike) domain names to hide their true intent.

While it’s most likely that the intent of such scams is to harvest credit card and login details, it’s possible for organizations to be the actual target, given every one of your employees is doing some personal shopping-related web surfing on company computers.  So it makes sense that, despite the fact that Christmas is over, because it will be around next year, employees enroll in new-school security awareness training.

KnowBe4 enables your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

PST ResultsHere's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Subscribe to Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews