Check Point - Phishing scams related to parcel deliveries up by 400% during November’s online shopping period
December 2020 by Check Point
Security researchers at Check Point are warning Black Friday and Cyber Monday shoppers of surges in email phishing campaigns where hackers impersonate trusted delivery vendors, like Amazon, DHL and FedEx, to commit financial fraud. The emails are designed to trick recipients into disclosing their personal details by using message guises of “Delivery Issue” or “Track your Shipment”.
Amid record-breaking Black Friday and Cyber Monday e-shopping, Check Point researchers urge holiday shoppers anticipating package deliveries to watch out for delivery scams as hackers impersonate Amazon, DHL and FedEx with fake “Track your Shipment” or “Delivery Issue” emails
• 400% increase across Europe in shipping- and post-related phishing emails in Nov, compared to Oct.
• DHL most imitated brand globally, making up 56% of the total volume of shipping-related phishing emails, followed by Amazon at 37%, FedEx at 7%
• Check Point researchers provide shipping scam numbers by region, Europe, USA and APAC:
o Europe: 401% increase in shipping phishing emails, where 77% of emails are DHL fakes.
o USA: 427% increase in shipping phishing emails; Amazon most impersonated brand, where 65% are fake Amazon delivery emails.
o APAC: 185% increase in delivery phishing emails, with 65% of the total phishing emails are DHL fakes.
Hackers are timing these email phishing campaigns to coincide with the anticipation of package deliveries for online shoppers who made purchases during the holiday shopping season, where US consumers spent $9 billion online on Black Friday, up 21.6% on a year ago, according to Adobe Analytics.
Hackers are targeting both the before and after sides of the online purchasing experience. Two weeks ago, Check Point researchers documented an 80% increase in malicious phishing campaigns targeting online shoppers in the form of “special offers”, urging shoppers to be wary of “too good to be true” bargains found online. In fact, 1 out of every 826 emails delivered to users worldwide are malicious phishing emails, where the ratio at the beginning of October was 1 out of more than 11, marking a 13x increase.
400% European increase in shipping-related phishing In the month of November, Check Point researchers documented a 400% European increase in shipping related phishing emails, compared to October. Emails impersonating DHL made up 56% of the total volume of shipping-related phishing emails, followed by Amazon at 37%, and FedEx at 7%.
Numbers by Region: Europe, USA and APAC
Europe topped the list in terms of total number of phishing emails. The numbers grew over four times (401%) compared to October. 77% of these emails in November were fake DHL mails.
In the US, the increase was similar (427%) comparing November to October. The leading impersonated brand was Amazon with 65% of all phishing emails impersonating different Amazon shipping related notifications.
Asia Pacific (APAC)
APAC showed a more moderate, though significant, increase (185%) with DHL accumulating almost 65% of the total phishing emails.
Check Point Manager of Data Intelligence, Omer Dembinsky said: “Hackers are going after the entire online shopping experience, before and after people have made purchases. First, hackers will send “special offers” to peoples’ inboxes from their favorite brands. Then, hackers will send an email about the delivery of purchases, even if you bought from a trusted source. Now that Black Friday and Cyber Monday are over, we’re turning towards the other side of the equation, which is deliveries. Think twice as you open up any post-purchase emails this holiday season. The email could be from a hacker. Take a closer look at any email that alleges they are from Amazon, DHL or FedEx. Watch for misspellings. Beware of Lookalike Domains. It’s clear to us that hackers are targeting online shoppers at every step of the online shopping experience, where the danger is very real before and after you make a purchase.”
How to Protect Against Phishing Scams
• Never share your credentials– Credential theft is a common goal of cyberattacks. Many people reuse the same usernames and passwords across many different accounts, so stealing the credentials for a single account is likely to give an attacker access to a number of the user’s online accounts. Never share your account credentials and do not re-use passwords.
• Always be suspicious of password reset emails– If you receive an unsolicited password reset email, always visit the website directly (don’t click on embedded links) and change your password to something different on that site (and any other sites with the same password). By clicking on a link, you can reset the password to that account to something new. Not knowing your password is, of course, also the problem that cybercriminals face when trying to gain access to your online accounts. By sending a fake password reset email that directs you to a lookalike phishing site, they can convince you to type in your account credentials and steal them.
• Verify you are using a URL from an authentic website: One way to do this is not to click on links in emails, and instead click on the link from the Google results page after searching for it.
• Beware of lookalike domains: spelling errors in emails or websites, and unfamiliar email senders.
• Always note the language in the email: Social engineering techniques are designed to take advantage of human nature. This includes the fact that people are more likely to make mistakes when they are in a hurry and are inclined to follow the orders of people in positions of authority. Phishing attacks commonly use these techniques to convince their targets to ignore their potential suspicions about an email and click on a link or open an attachment.
• Watch for misspellings: Beware of misspellings or sites using a different top-level domain. For example, a .co instead of .com. Deals on these copycat sites may look just as attractive as on the real site, but this is how hackers fool consumers into giving up their data.
* The statistics and data used in this report present data detected by Check Point’s Threat Prevention technologies, stored and analyzed in ThreatCloud. ThreatCloud provides real-time threat intelligence derived from hundreds of millions of sensors worldwide, over networks, endpoints and mobiles. The intelligence is enriched with AI-based engines and exclusive research data from the Check Point Research – The intelligence & Research Arm of Check Point.