Attention online holiday shoppers! Phishing attacks peak during the holidays. Beware.
There’s many creative and carefully crafted phishing emails being sent out by cyber criminals this 2018 holiday season starting right before Black Friday and Cyber Monday. We’re taking a close look at some popular variations and reminding you not to click on any links, no matter how credible and urgent these emails appear.
EXAMPLE 1 “USPS Delivery Failed” phishing email
Cybercriminals are posing as the U.S. Postal Service targeting consumers with phishing emails claiming packages are undeliverable. Next, potential victims, click on the fake tracking numbers that can download malicious software to their computers.
This malicious software could possibly include ransomware, which will freeze your computer, making it useless until a large sum of money is paid to the cybercriminal. Another possible malicious software can be spyware, which tracks all your computer activity including stealing your personal and financial information.
Be on the lookout for suspicious looking emails disguised as reputable delivery companies such as FEDEX, USPS, DHL, UPS, etc.
These email may appear to look very authentic, including company logos, fake tracking numbers, or even bar codes.
Subject line example: “USPS Deliver Failed for parcel #59838769273762876″
Dear [EMAIL], hereby we notify you that your delivery tracking #650087 has FAILED to be delivered at the destination address. To claim your package or initiate a new delivery attempt please use the attached document.
Feel free to contact us with any further questions.
Call 1-800-ASK-USPS® (800-275-8777)
M-F – 8:00am-8:30pm ET
Sat – 8:00am-6:00pm ET
Sun/Holidays* – Closed
- Beware of any emails asking you to open an email attachment or click on a link.
- The USPS won’t email residents about parcels. They will only call you or leave a notice.
- Here’s a link to 87 examples of bogus USPS spam emails on the USPS website
EXAMPLE 2 “Fake Order Confirmation” phishing email
Shopping online? Many cybercriminals are also creating phony online order confirmation emails claiming to be from big retailers like Target, Wal-Mart, Costco, Home Depot, Amazon, etc. They may also include logos from the companies and appear realistic.
You may receive phishing emails disguised as a major retailer with a subject line such as:
- “Thank you for your order”
- “Order Confirmation”
- “Thank you for ordering from [company name]”
- “Order Status”
EXAMPLE 3 “Paypal Unusual Activity” phishing email
Sure, with all the online shopping you’ve been doing, perhaps you used PayPal. However, when hovering over the link, you’ll see it’s not going to PayPal. Don’t click! “Urgent” Emails such as this one rely on you to take immediate action, therefore you’re less likely to take your time and closely examine the email.
Therefore, if you happen to receive a spam message similar to the examples above, it’s strongly recommended that you:
- Do NOT download or open any attached files.
- Do NOT click on any links
- Delete the email immediately.
Our recommendation for email security:
Proofpoint Essentials – The #1 Cloud based email security solution. Filter your emails in the cloud before they enter your network!
Email threats are constantly evolving. Are your defenses?
Proofpoint Advanced Email Security is a complete solution for email threats and continuity. No other email defense protects you against a broader range of advanced email threats, such as holiday spam mentioned here.