Beware of fake notices of package delivery: Emails and phone calls and texts, oh my!

The coronavirus pandemic has upended global delivery systems as countries around the world have shut their borders and companies reduce their workforce. The problem has been compounded by the fact that millions are stuck at home with extra time, ordering hundreds of dollars worth of goods. As we continue through the holiday season, we will begin to see an increasing number of delivery scams, so we would like to give you a few tips to identify these scams.

Fake package delivery update emails, text, and phone calls are a form of phishing being used to install malware and steal personal information. These delivery emails appear to come from the U.S. Postal Service, UPS, FedEx, or other reputable delivery services. Clicking a link in one of these notices can install malicious software on your device in an instant.

The scammers are up to new tricks! 

Additionally, a new text/call message scam has been making its way around the country, trying to trick people into entering their credit card information by purporting they have a package to claim. Many are beginning to receive messages with wording similar to this: “[Name], we came across a parcel from [a recent month] pending for you. Kindly claim ownership and confirm for delivery here," along with a link. This is a great example of scams of this kind and while they may be slightly different they will follow this general format.

If you are unsure if a delivery notification is legitimate, do not click any links in the email or download any attachments. You can copy the tracking link and paste it into the delivery company’s website or refer back to the tracking information you received from the company you purchased from.

HOW TO IDENTIFY FRAUDULENT DELIVERY NOTIFICATIONS

  • Hover your cursor over links in the email to see where they lead.
  • Legitimate delivery emails will never ask for personal information, financial information, or passwords through email.
  • Look for grammar and spelling errors.
About Ironnet
Founded in 2014 by GEN (Ret.) Keith Alexander, IronNet Cybersecurity is a global cybersecurity leader that is revolutionizing how organizations secure their networks by delivering the first-ever Collective Defense platform operating at scale. Employing an extraordinarily high percentage of former NSA cybersecurity operators with offensive and defensive cyber experience, IronNet integrates deep tradecraft knowledge into its industry-leading products to solve the most challenging cyber problems facing the world today. Follow IronNet on Twitter and LinkedIn.