The CDC (The Centers for Disease Control and Prevention) “shopping at crowded stores just before, on or after Thanksgiving” on its list of higher-risk activities to avoid, and in its guidance issued ahead of the holiday weekend, it also directly suggested that consumers do more of their shopping online. classified Not that much encouragement has been needed. During the first 10 days of November, the traditional holiday shopping season, U.S. consumers spent — a 21% increase year-over-year. And the sales momentum is just getting bigger. According to DC360 shoppers will – that’s over double 2019’s spend over the same weekend. $21.7 billion online spend $38 billion online over 2020 Thanksgiving weekend Of course, it isn’t just retailers who are looking forward to a record weekend: threat actors are organizing their infrastructures to try and grab their share of our holiday spending, too. In a recent , we showed how phishing emails doubled in November in the run-up to Black Friday and Cyber Monday. report What’s more, they are not just trying to target consumers with fake shopping-related emails and websites. They are also ramping up phishing and fraud attempts to take advantage of the shipping services that will deliver the goods we have purchased. Check Point Research (CPR) researchers are witnessing a thorough, systematic operation in which threat actors are leveraging the entire ecosystem of shopping. From special offers, through designated shopping days such as Chinese singles day, Cyber Monday, and Black Friday, all the way to the shipping and delivery process to try and trick victims into disclosing their personal details and use those details for financial theft and fraud. In this report, CPR reveals that during the month of November we have seen a dramatic spike in phishing emails that are impersonating internationally-known shipping companies such as DHL, Amazon & FedEx. Highlights Over 440% increase in shipping-related phishing emails in November compared to October. Europe tops the phishing surge, followed by North America & APAC. DHL is the company most impersonated globally in shipping-related phishing emails during November, followed by Amazon & FedEx Surge in Shipping related phishing emails globally We have observed that during November there has been a 440% increase in shipping-related phishing emails, compared to October. Emails impersonating DHL made up 56% of the total volume of shipping-related phishing emails, followed by Amazon with 37%, and FedEx with 7% of total. Regional data Numbers in Africa & South America were single-figures Europe topped the list in terms of the total number of phishing emails, and the numbers grew over four times (401%) compared to October. Seventy-seven percent of these emails in November were fake DHL mails. In the US the increase was similar (427%) comparing November to the previous month. The leading impersonated brand was Amazon with 65% of all phishing emails impersonating different Amazon shipping related notifications. APAC showed a more moderate, though significant, increase (185%) with DHL accumulating almost 65% of the total phishing emails. Where is my package? Unlike classic phishing emails that are designed to lure people into giving personal details, credit card info or bank account credentials, these emails are specifically impersonating shipping vendors with different versions of fake messages reporting a “delivery issue” or “Track your shipment” details. All are trying to lure the recipients to submitting details and stealing credentials or financial data. We believe hackers have specifically chosen this vector in November, as they know that large numbers of online shoppers are waiting for their packages to arrive and are more attentive to shipping-related emails while they may be more aware of more traditional e-commerce related fraud and phishing attempts. Examples of shipping related phishing emails Amazon impersonation email in Japan DHL Impersonation in USA Italian Impersonation Amazon Business How to Protect Against Phishing Scams – Credential theft is a common goal of cyberattacks. Many people reuse the same usernames and passwords across many different accounts, so stealing the credentials for a single account is likely to give an attacker access to a number of the user’s online accounts. Never share your account credentials and do not re-use passwords. Never share your credentials – If you receive an unsolicited password reset email, always visit the website directly (don’t click on embedded links) and change your password to something different on that site (and any other sites with the same password). By clicking on a link, you can reset the password to that account to something new. Not knowing what your password is, of course, also the problem that cybercriminals face when trying to gain access to your online accounts. By sending a fake password reset email that directs you to a lookalike phishing site, they can convince you to type in your account credentials and steal them. Always be suspicious of password reset emails – One way to do this is not to click on links in emails, and instead click on the link from the Google results page after searching for it. Verify you are using a URL from an authentic website – spelling errors in emails or websites, and unfamiliar email senders. Beware of lookalike domains – Social engineering techniques are designed to take advantage of human nature. This includes the fact that people are more likely to make mistakes when they are in a hurry and are inclined to follow the orders of people in positions of authority. Phishing attacks commonly use these techniques to convince their targets to ignore their potential suspicions about an email and click on a link or open an attachment. Always note the language in the email – Beware of misspellings or sites using a different top-level domain. For example, a .co instead of .com. Deals on these copycat sites may look just as attractive as on the real site, but this is how hackers fool consumers into giving up their data. Watch for misspellings The statistics and data used in this report present data detected by Check Point’s Threat Prevention technologies, stored and analyzed in ThreatCloud. ThreatCloud provides real-time threat intelligence derived from hundreds of millions of sensors worldwide, over networks, endpoints and mobiles. The intelligence is enriched with AI-based engines and exclusive research data from the Check Point Research – The intelligence & Research Arm of Check Point.

Amazon

Check Point

FedEx

Google

Target

Your Guide To AWS Instance Metadata Service (IMDS)

Phone Scams: What Is Vishing And How You Can Avoid It

Visit us

Too Long; Didn't Read

Protect Yourself Against The 440% Increase in Shipping-Related Phishing Emails

Protect Yourself Against The 440% Increase in Shipping-Related Phishing Emails

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

Best Practice: Identifying And Mitigating The Impact Of Sunburst

47 Stories To Learn About Checkpoint

Best Practice: Identifying And Mitigating The Impact Of Sunburst

Check Your Privilege: Designing Cloud Infrastructures According to the Least Privilege Principle

Cloud Sourcing as a Crucial Component in Threat Prevention

Cloud Threat Hunting: Investigating Lateral Movement

Best Practice: Identifying And Mitigating The Impact Of Sunburst

47 Stories To Learn About Checkpoint

Best Practice: Identifying And Mitigating The Impact Of Sunburst

Check Your Privilege: Designing Cloud Infrastructures According to the Least Privilege Principle

Cloud Sourcing as a Crucial Component in Threat Prevention

Cloud Threat Hunting: Investigating Lateral Movement

Light-Mode

Classic

Newspaper

Minty

Dark-Mode

Neon Noir

Minty

HN StartUps