The holiday season is prime time for cyber criminals to take advantage of unsuspecting cyber shoppers.  More online shopping means people are receiving more emails about the shipment and deliveries of their orders and cyber criminals are actively looking to take advantage of this with phishing emails impersonating internationally known shipping companies. And while these campaigns predominantly target consumers, they’re also dangerous to businesses as well.

The emails are designed to look like they come from shipping companies and retailers and feature messages claiming that there’s been a “delivery issue” or urging users to “track your shipment”.  In some cases, the phishing emails – which have all the appropriate branding of the delivery firm they’re mimicking – will claim that potential victims need to make an additional payment to secure their item, directing them to a page which is used to steal their personal information, including name, address and credit card details.  Alternatively, cyber attackers design phishing emails which ask users to click on a link to login to their account to solve an issue. This malicious link directs victims to a fake version of the delivery company’s web page which sends the email address and password to the attacker.

While it may first appear that this form of phishing attack is predominantly a risk to consumers, some people could have online shopping accounts tied to their corporate email addresses, and use the same passwords, something which is a very bad idea.  That means malicious hackers could potentially use these attacks as a gateway to gaining entry to corporate networks – something that could me much more lucrative than stealing bank account information.

It only takes a few moments of inattention for a user to be tricked by these scams – especially as they play on peoples’ expectations of receiving goods they may have ordered – and given the large numbers of people still working from home, this is exactly what hackers are relying on.

What to do?

The key is to ensure your staff is well informed on phishing techniques.  User training and reinforcement is essential.

If users are concerned that a request could be legitimate, they should not follow links in the email, but they should visit the retailer or shipping company page directly

What can you do to when this happens to you?

If you think your network security has been breached shut the network down and identify any malware/viruses / or data exfiltration.  Mitigate the breach and notify affected users/organizations. Reinstate the network using a known “clean” backup.


That email about your delivery could be fake: Phishing scammers increase their attack on online shoppers | ZDNet