As the holiday season is in full swing and gifts are getting delivered, don’t fall victim to delivery phishing scams. We’ve all been there, receiving that email or text message, “We were unable to deliver this package, please click this link to schedule a redelivery attempt or a pickup.”
The email may look like it came from the USPS, FedEx, UPS, or another delivery service, it will usually have the logo, a phone number, and maybe an official looking signature. The email definitely has either an attachment to download or a link to click. Oddly though, this email didn’t come from the store in which you purchased. The message didn’t even come from the delivery service. The message instead came from what appears to be a spoofed email address or a personal email account.
Or maybe you received a text message claiming to be from one of those same delivery services companies. The text states “you have a package and a delivery was attempted.” It also states “you need to reschedule delivery,” and you need to “click the link to reschedule.”
Verify your delivery
Many of us may have made holiday purchases and had them delivered to our small businesses so our loved ones do not see the gifts we have purchased for them. Or maybe the deliveries we are expecting are our standard business deliveries. It is that busy time of year when we can lose track of what we’ve ordered. Cybercriminals are hoping we do just that too, because of this, it is extra important to stay organized. You need to remember what you ordered, from where, when the delivery is expected, and its carrier. So when we get messaged an update, we can quickly assess the message as a scam or legitimate.
Steps you can take
When in doubt, always double check, maybe even triple check before you click that link or open that attachment. These emails and texts have become more sophisticated and aren’t nearly as easy to quickly identify. Here are a few key questions to ask yourself:
- Were you expecting a package?
- Was your package already delivered?
- Was your package supposed to arrive when the attempt was made?
- Is the carrier in the message the expected carrier?
After answering these quick questions, you may already have your answer that the message is a scam, if so, treat it accordingly. If you aren’t able to dismiss it right away, you will need to verify further. You may need to do this by checking the original communication upon purchase or by reaching out directly to the courier service.
To learn more about protecting your small business from delivery phishing scams and to learn more about other cybersecurity threats, trends, and topics with a focus on small business, check out Small Business, Big Threat!