Site icon Check Point Blog

Where’s the package I’m expecting? Watch out for shipping and delivery-related phishing emails that try to track YOUR details

The CDC (The Centers for Disease Control and Prevention) classified “shopping at crowded stores just before, on or after Thanksgiving” on its list of higher-risk activities to avoid, and in its guidance issued ahead of the holiday weekend, it also directly suggested that consumers do more of their shopping online.

Not that much encouragement has been needed.  During the first 10 days of November, the traditional holiday shopping season, U.S. consumers spent $21.7 billion online — a 21% increase year-over-year.  And the sales momentum is just getting bigger. According to DC360 shoppers will spend $38 billion online over 2020 Thanksgiving weekend – that’s over double 2019’s spend over the same weekend.

Of  course, it isn’t just retailers who are looking forward to a record weekend:  threat actors are organizing their infrastructures to try and grab their share of our holiday spending, too.  In a recent report, we showed how phishing emails doubled in November in the run-up to Black Friday and Cyber Monday.

What’s more, they are not just trying to target consumers with fake shopping-related emails and websites.  They are also ramping up phishing and fraud attempts to take advantage of the shipping services that will deliver the goods we have purchased.

Check Point Research (CPR) researchers are witnessing a thorough, systematic operation in which threat actors are leveraging the entire ecosystem of shopping. From special offers, through designated shopping days such as Chinese singles day, Cyber Monday and Black Friday, all the way to the shipping and delivery process to try and trick victims into disclosing their personal details and use those details for financial theft and fraud.

In this report, CPR reveals that during the month of November we have seen a dramatic spike in phishing emails that are impersonating internationally-known shipping companies such as DHL, Amazon & FedEx.

Highlights

Surge in Shipping related phishing emails globally

We have observed that during November there has been a 440% increase in shipping related phishing emails, compared to October. Emails impersonating DHL made up 56% of the total volume of shipping-related phishing emails, followed by Amazon with 37%, and FedEx with 7% of total.

Regional data

Numbers in Africa & South America were single-figures

Europe topped the list in terms of total number of phishing emails, and the numbers grew over four times (401%) compared to October. Seventy-seven percent of these emails in November were fake DHL mails.

In the US the increase was similar (427%) comparing November to previous month. The leading impersonated brand was Amazon with 65% of all phishing emails impersonating different Amazon shipping related notifications.

APAC showed a more moderate, though significant, increase (185%) with DHL accumulating almost 65% of the total phishing emails.

Where is my package?

Unlike classic phishing emails that are designed to lure people into giving personal details, credit card info or bank account credentials, these emails are specifically impersonating shipping vendors with different versions of fake messages reporting a “delivery issue” or “Track your shipment” details.

All are trying to lure the recipients to submitting details and stealing credentials or financial data.  We believe hackers have specifically chosen this vector in November, as they know that large numbers of online shoppers are waiting for their packages to arrive and are more attentive to shipping-related emails while they may be more aware of more traditional e-commerce related fraud and phishing attempts.

Examples of shipping related phishing emails

Amazon impersonation email in Japan

DHL Impersonation in USA

Italian Impersonation Amazon Business

 

How to Protect Against Phishing Scams

The statistics and data used in this report present data detected by Check Point’s Threat Prevention technologies, stored and analyzed in ThreatCloud. ThreatCloud provides real-time threat intelligence derived from hundreds of millions of sensors worldwide, over networks, endpoints and mobiles. The intelligence is enriched with AI-based engines and exclusive research data from the Check Point Research – The intelligence & Research Arm of Check Point.

Exit mobile version