Online shopping offers the timeliness and convenience consumers need to keep up with their busy lives – especially during the holidays. E-commerce is expected to grow by 25-35% during the 2020 holiday season and surpass $180 billion in sales for November, December and January1. As you’re waiting on your holiday packages to arrive this season, be careful to avoid getting caught in an emerging phishing scam, which could corrupt your device or jeopardize your financial standing.
Cybercriminals are sending text messages and emails disguised as FedEx, the United Parcel Service (UPS) or the U.S. Postal Service (USPS) as a ploy to get you to click on a link under the claim of “updating your delivery preferences.” However, clicking on one of these in-message links could unleash malware onto your device or take you to a website where you will be prompted to complete a customer satisfaction survey with a chance to win a free prize. But here’s the catch: To get the “free prize,” you will need to enter your credit card number to pay for shipping.
These phishing or “spoofing” tactics are often convincing; in many cases, they use the recipient’s name and include seemingly-legitimate information such as a tracking number. Plus, consumers may be placing many online orders throughout the holiday season and receiving actual text and email delivery updates, which make the fakes even tougher to spot.
If you receive a text message or email from a delivery carrier about a package, start by asking yourself:
- Am I expecting a package?
- Did I recently send a package?
- Did I sign up for text or email notifications?
Next, you’ll want to look for common red flags within the email or text, which could point to it being a scam, including:
- Uncommon phone numbers – Legitimate delivery alerts will typically all come from the same phone number. If you receive text notifications from various, unrecognizable numbers, they are likely fake.
- Ploys for immediate action – Cybercriminals will likely try to convince you to act fast to trick you into revealing information you otherwise would not. These messages may include “urgent” text such as, “Final alert about your delivery,” or “Your account is about to be suspended.”
- Requests for information – FedEx, USPS and other delivery services will not ask for your personal or financial information in exchange for a parcel. Any communication dictating otherwise may be fraudulent.
- Common errors – Messages with spelling and grammatical errors, several exclamation points or altered web addresses such as “fedx.com” or “fed-ex.com” are warning signs of a scam.
Take action and stay protected
Upon identifying the text or email you have received is part of a scam, there are several steps you can take to ensure your personal and financial security, as well as help stop the spread.
- Do not open the link
This is likely the most important step in defending your device and financial account from hackers. If you receive an unexpected alert about a package, do not click on any links. Legitimate companies will not ask for any account information over text or email.
- Go to the source
An easy way of finding out if the package in question is real or fake is copying the provided tracking number in the message, navigating to the company’s direct website and pasting it in the tracking search bar. If the tracking number does not exist, the message is likely a scam.
- Contact the company
If you are uncertain if the package is real or not, you can also contact the company using its actual website or phone number. Many delivery companies are aware of this scam and will be happy to help you get to the bottom of it.
- Report the scam
Another crucial step in attempting to bring these scams to a halt is reporting each notification. Forward any fraudulent email or text message claiming to be sent from FedEx to firstname.lastname@example.org and from UPS to email@example.com. Additionally, you can report malicious activity to the Federal Trade Commission by forwarding spam texts to 7726 (SPAM) and emails to ftc.gov/complaint.
Scammers are leveraging new channels every day to gain access to our sensitive information, so it’s important to take every step to protect yourself and your wallet. Click here for information on more phishing and cyber schemes.