If you do much shopping online you’re probably used to receiving emails letting you know when your orders have been shipped.
Many Internet retailers send out these emails as a courtesy to their customers. And they are indeed handy, especially when they contain the tracking number for an order you’ve placed.
Unfortunately, hackers and scammers are now sending out fake package delivery notices that could result in your login credentials for a retailer’s website being stolen and/or malware being downloaded onto your computer.
The scam typically works something like this:
1 – You receive an email with a subject line that makes it appear that it came from a legitimate shipping company like UPS, FedEx, DHL or the U.S. Postal Service, but the email was actually sent by a scammer.
2 – The text of the email will say your package couldn’t be delivered or they need some kind of info to verify your identity before it can be delivered (or some other excuse to coax you into clicking a link in the email).
The link will supposedly take you to either the shipping company’s website or a retailer’s website so you can enter the required info, but if you click on it you’ll actually be taken to a realistic-looking, but fake web page with a form to enter the info they’re trying to steal from you.
If you fill out the form on that page you’ll likely end up handing over your login details for a website that you actually use and/or sensitive information that can be used to steal your identity.
And to top it all off, malware will almost certainly be installed onto your computer to boot!
As you can see, these fake delivery notices are very dangerous. But luckily, they are also very easy to recognize and avoid.
Most Internet retailers provide tracking numbers for the packages they ship themselves. Shipping companies rarely bother to contact the customer at all.
You’ll typically receive the tracking number for a package in the confirmation email the retailer sends you letting you know your order has been shipped.
If you lose that confirmation email (or suspect it night be a fake) you can usually get the tracking number on the retailer’s website by logging in directly from a known good URL and viewing the order details for the item in question.
If you receive an email that contains a tracking number, don’t click a link in the email to view the tracking information, even if you really did place a recent order from that company. That email could still be a fraudulent email that has nothing to do with your order.
Chances are the email is legit if you did place a recent order, but there’s no reason to chance it.
What you need to do is copy the tracking number provided in the email to the Windows clipboard, then paste it into the search box on Google. Google will then provide a direct link to that tracking information on the shipping company’s website.
If the tracking number is real you’ll see the tracking information on your screen. If it’s fake you’ll be told that it couldn’t be found in the shipping company’s database.
If you’ve already received one or more of these fake emails and clicked on any links contained within them, I recommend that you immediately do the following:
1 – Run a thorough malware scan on your computer.
2 – Change the passwords for any online accounts that could have been compromised via your interactions with the fraudulent email(s).
3- Enable Two-Factor Authentication on every online account you have. (Note: You should do this anyway even if you didn’t interact with any suspicious emails.)
Bottom line: Any email you receive from a package delivery service should be assumed to be a fraudulent email because these companies rarely contact a customer directly via email.
As mentioned above, tracking and delivery info is usually provided by the retailer, not the shipping company (although there are rare exceptions).
I recommend that you keep a list of all the orders you place with online retailers and mark off each delivery as it is received. If you receive an email from a company that you never ordered from you won’t find that company on your list so you’ll know right off that the email is a fake.