COLUMBUS, Ohio (WCMH) — Online retailers aren’t waiting until Black Friday to kick off their holiday sales, and scammers aren’t wasting any time to take advantage of consumers.
Research from Checkpoint Software, a cybersecurity firm, found that 17% of phishing emails it reviewed in recent weeks were impersonations of shipping companies.
“I think what’s really different about this year is really the focus on the shipping and less on impersonating Apple, or Walmart, or Amazon, which have traditionally been are still the most impersonated brands on the internet,” said Tony Sabaj, Checkpoint’s head of engineering.
The phishing attempt can come in the form of a text message or an email claiming to be from a company, such as FedEx or DHL. The message will contain a link, typically presented as a way to track a package.
“(Consumers) they may order stuff — they don’t know what shipping carrier — you know — Walmart is using, or whatever online store,” Sabaj said. “Everybody wants to know exactly when their package is going to come. So they click on that link. And that link could be a link to a malicious website that then download some type of malware to the end user, it could be trying to steal credentials. It could be doing any number of things to a person’s computer or even stealing information from mobile phones.”
Fortunately, Sabaj said with the right knowledge, these phishing scams are easy to spot. Hovering the cursor over a sender’s name can reveal their full email address. If the domain is not affiliated with the shipping company or merchant, it’s likely fraudulent.
If you receive a text with a link, Sabaj said it will typically come in the form of a shortened URL. He suggests visiting sites such as checkshorturl.com, expandurl.net or urlexpander.net, where you can copy and paste the shortened URL to check its legitimacy.