‘Tis the season for online shopping, which means more people than usual are expecting packages in the mail leading up to Christmas.
That gives the criminals ample opportunity to lure you in with fake package-tracking emails that can load malware onto your computer, phone or tablet.
Be on the alert for fake shipping notifications
Here on Team Clark, we’re again seeing an uptick in the number of fake package-tracking notifications being sent to people in time for the holidays.
Team member Sally recently received the following bogus emails in her inbox:
“It was easy for me to spot this as a scam because I have not ordered anything from [these companies],” Sally said. “Also, the sender’s email addresses on both examples are clearly untrustworthy.”
That’s a great observation on Sally’s part; both X9P8Z@i8u7o89ui7o8u.ikexpress.com and FedEx@refunded.poneytelecom.eu are oddball addresses.
The latter is registered in the European Union. You have to ask yourself why Sally would be getting an email about a domestic package — that she didn’t order in the first place — from an international division of FedEx!
So one key line of your defense against this common scam should be to check the sender addresses on these kinds of emails.
Because let’s face it: The criminals do a great job of getting the look, feel and even the logo of these companies down pat!
In fact, when you consider how real these emails look, it’s no surprise that so many people are duped. They will fall prey, click on the link in the email and wind up downloading malware to their device. It’s that malware that can leak sensitive financial info to criminals located who knows where.
So the best rule of all is this:
If you receive an email you weren’t expecting, do not click on any links inside the email. If you are expecting a package, go directly to the carrier or retailer’s own website (UPS, FedEx, Walmart, Amazon, etc.) to get any delivery information you supposedly need to know.
Here are a couple of other common tip-offs that can alert you to the fact that the package-tracking notifications showing up in your inbox are bogus:
A very loose command of the English language: We all know by now that phishing emails are notorious for their bad grammar and misspellings. Of course, if a suspicious email doesn’t have any typos that doesn’t mean it’s legitimate by any means! Rather, you should think of the spelling/grammar test as a red light to alert you to suspected criminal phishing, rather than a green light to let you know the email is truly legit.
Notifications that are general in nature and don’t use your name – If you’re not mentioned by name, that’s a sign the criminals are playing a numbers game blasting these emails out to as many people as possible. If they’re able to steal money from even a handful of those people, that’s a win for them. Don’t become a statistic!
Here are some more scam-related articles from Clark.com:
Warning: Fake package-tracking email may have a nasty malware surprise