Be Careful This Holiday Season
December 13, 2022
Thinking Outside The Box
As shippers forecast another record year of holiday deliveries, scammers are ramping up their efforts to take advantage.
As the holiday’s approach and deliveries adorn your porch, remain diligent in protecting yourself against package delivery scams. It’s become all too common to receive a text message from a contact alleged to be a carrier that says they were unable to deliver your package. The message might claim the package is from a friend and you may be asked to reply and confirm your identity.
In package delivery scams, victims are asked for personal information and in some cases a credit card number to schedule another attempt at delivery. In other variations, victims are contacted by email or phone. Some scammers send a text or email containing an embedded link with instructions to track the package by clicking, which of course can download malware to the device.
Avoiding delivery (and other) scams
- Inspect links carefully, especially when they come in unsolicited texts or emails. Service providers are not contacting customers via email or text about packages. Be wary of official-looking communications – popular brands can be spoofed easily by changing just one letter or character.
- Watch for professional emails from unsecured addresses. Online communication from a delivery agency will be sent using their own secure domain. Always be suspicious of communications from unsecured addresses.
- Never share personal information with an unverified contact. If asked to share sensitive information incoming via text, email, or phone call, end the conversation immediately.
If you’re targeted
If you believe you’ve been targeted by a pending package scam, it’s important not to engage. Delete any suspicious text messages and block the number of the contact. Similarly, delete suspicious emails and mark them as spam. You can learn more about common scams, and report them on the Federal Trade Commission website.
Gift Cards are for Gift-Giving
Spot and avoid gift card scams this holiday season
The number of gift card scams and the money lost to these scams has increased every year since 2018. Fraudsters like gift cards because they are easy to purchase, easy to share, and impossible to trace.
How they get to you
Many gift card scams start with outreach by someone impersonating a branch of the government like the Social Security Administration or a government-adjacent business like the Internal Revenue Service (IRS.) The scammer may threaten to freeze bank accounts or even issue a warrant for arrest if gift cards aren’t used to pay off an unpaid balance or clear some other ‘problem.’ Others impersonate colleagues (often claiming to be a senior leader from your workplace), asking for gift cards as payment to clients or friends/family asking for gift card funds to get them out of some sort of emergency.
What they ask for
Regardless of the reason for payment, the scam follows a certain formula: You receive a text, email, or phone call instilling urgency to make a payment by purchasing cards from the nearest retailer. After the cards have been purchased, you’re asked to pay by sharing the code(s) on the back of the card. Google Pay, Apple, eBay, Target, and Walmart cards remain popular requests among scammers. Read other examples of similar scams on the Federal Trade Commission’s (FTC) Gift Card Scams page.
What to do
It’s important to know that gift cards can be used only to purchase goods and services from the issuing retailer. If you’re approached to use the cards for any other payment, you could very likely be the target of a scam and should immediately report it to your local police department as well as the FTC’s reporting site.
Other holiday-related fraud awareness
Remember to also be diligent with holiday giving to organizations. Have a look back at the December 2021 Information Security Brief for reminders and resources to prevent scammers from taking your charitable donations for their own profit.
It’s also the time of year for package delivery scams. If you missed the November newsletter, read up on this trend here.
Posted in Security Updates