As the holiday shopping season comes to end, consumers should still be aware that hackers are sending fake delivery notifications appearing to come from companies like FedEx and UPS, especially as the last few days of package arrivals pass by. The hackers’ messages prompt consumers to enter their personal information like credit card information to resolve an issue with package delivery or immediately launch malware or ransomware upon clicking a link. According to a recent CNBC report on this ‘shipageddeon’ launched by hackers, one consumer received an email message appearing to be from UPS informing him that his package could not be delivered. Once he clicked the link provided to solve the issue, his screen started flashing and his computer was encrypted with ransomware requesting 150 bitcoins (or about $66,000). Upon the consumer’s refusal, his computer was wiped clean.

According to the CNBC report, fraudulent delivery messages rose by 440 percent from October to November, according to data from cybersecurity firm Check Point Software Technologies. Overall, fraudulent shipping messages overall rose 72 percent since November 2019. Don’t fall victim to these scams -at a minimum before clicking on a provided link or offering up your personal information make sure that the messages include correct spelling and company logos.

Cyber criminals are taking advantage of the increase in online holiday shopping due to the pandemic. They know people are buying gifts online and sending the packages to the recipients. Often, the recipients do not know they are receiving a gift as it is intended to be a surprise. 

Cyber criminals have stepped up their attempts to infiltrate personal devices and company systems through phishing emails and texts that spoof well-known carriers, such as UPS and FedEx. The email or text looks like a real communication from UPS or FedEx as it includes the company logo and tells the recipient that a package is on its way, but that the user needs to either update their delivery preferences or can check the delivery status by “clicking here.” It’s that “clicking here” instruction that dupes users into clicking on the link (even when they know they shouldn’t), which then infects their device or the system with malware or ransomware. 

We all love to get presents and packages. If you are sending a package or gift to someone, let them know that it is on the way. If you receive a message from a carrier that you weren’t expecting, be cautious and wicked paranoid about clicking on any links or attachments, just as you should with any other suspicious email or text.