Scammers are taking advantage of the situation to solicit random people with e-mail messages asking them to pay a small extra amount, typically just a few bucks, to complete a delivery. The message makes it impossible to identify the parcel; the scammers are clearly counting on people to be overwhelmed or absent-minded, in a rush or simply curious. The recipient is pointed toward a fake postal service website where they can make the payment.
Message from a delivery service
The scam begins with an e-mail notification that appears to come from a well-known delivery service. The messages are sent out in various languages, and the names of the postal services with which the messages purportedly originated vary according to region. The imitations aren’t perfect: Among their other red flags, all of the phishing samples we reviewed were sent from random addresses unrelated to any of the official postal service e-mail addresses.
Phishing e-mail messages in multiple languages appearing to come from various well-known postal services.
According to the notification, an order could not be delivered because of an incorrect address, extra charges for unforeseen expenses, or some other vaguely plausible reason.
Phishing e-mails that look like messages from a postal service asking the recipient to pay extra for parcel delivery.
The recipient is then asked to pay a small amount (not exceeding €3), supposedly to ensure delivery. The senders provide a link to what looks like a delivery service website but is actually a phishing page.
Users who fall for the trick click the link, go directly to the payment page, enter personal information and bank card details as requested, and finally provide a verification code from a text message.
On the fake website, users are asked to enter some personal information, bank card details, and finally, a code from a text message to verify the transaction.
How to keep your cash safe
Protecting your funds from scammers is absolutely within your reach. Follow these few basic rules of digital hygiene to keep your money for yourself:
- Keep basic track of your deliveries. If you place so many orders that you cannot remember them all, keep a running file or jot down a list of orders you have outstanding.
- Avoid clicking on links in e-mails, particularly if you’re not entirely sure they’re legit, and never enter personal or payment details on a page that opens from such a link.
- In case of doubt, contact the delivery service over the phone to find out what is going on. You can also find a parcel’s tracking number in the order or shipment confirmation and check the delivery status on the service’s official website.
- Install a reliable antivirus solution with protection from phishing and online fraud.
Author: Tatyana Shcherbakova.