2020 brought the biggest online shopping season on record. And with the surge in online shopping comes an uptick in people looking to take advantage of you.
Schemers are sending out fake shipping notifications impersonating some of the biggest shipping companies in the world, including Amazon, Fedex, UPS, and DHL.
“These bad actors are timing these impersonations right in the window when people would be expecting, let's say, a shipping update,” says Brian Linder, of cybersecurity company Check Point.
Linder tells NBC10 his company saw a 440% increase of this activity in the first two weeks of November. He says shipping companies are still being impersonated at an alarming pace.
Get Philly local news, weather forecasts, sports and entertainment stories to your inbox. Sign up for NBC Philadelphia newsletters.
If you take the bait and click on one of these fake shipping notifications, one of two things can happen, Linder says. “Either they're going to give you a Web page that looks awfully authentic. It looks perfectly legit. They're going to collect your username and password and then they're going to use that for profit. They're going to sell it. They're going to use it for some financial gain,” Linder explained.
A ransomware attack is the other likely outcome.
“A ransomware attack is when you click a link you shouldn't have, things start happening and suddenly your machine, the screen on your machine goes black and they demand a payment.”
The No. 1 impersonated company in the United States is Amazon, according to Check Point. FedEx has the second highest number of impersonations.
Have a consumer complaint? Call 215-201-5310
So how can you spot a scam? Look for things like grammar errors in the emails, and misspellings in website addresses. These are things you would not expect from a legitimate company.
When it comes to imposters trying to trick Amazon customers, the company tells NBC10 Responds: “Any customer that receives a questionable email or call from a person impersonating an Amazon employee should report them to Amazon customer service. Amazon investigates these complaints and will take action, if warranted."
FedEx tells us in part: “FedEx does not send unsolicited text messages or emails to customers requesting money or package or personal information.” “Any suspicious text messages or emails should be deleted without being opened, and reported to firstname.lastname@example.org.”
Linder’s best advice: if you’re not sure if an email or text is legit, don’t take any chances. “Delete that email immediately, assume it's not legitimate and go right to the website. Skip right over that,” he says.
Amazon, FedEx, UPS, and DHL all have protocol for customers who believe they are the victim of an impersonation scam.
Amazon asks you submit suspicious calls or emails from people impersonating Amazon employees to: email@example.com
You can click here to tell if an email and phone call are really from Amazon (and information about reporting fraud calls to FTC).
Gift Card scams with tips (also includes some email/phishing information):
“FedEx does not send unsolicited text messages or emails to customers requesting money or package or personal information. Unfortunately, scammers often invoke the names of trusted brands when attempting to take advantage of the public, and FedEx is one of many companies whose brand has been abused in this way," the company wrote to us.
UPS says it does not request payments, personal information, financial information, account numbers, IDs, passwords, or copies of invoices in an unsolicited manner through email, mail, phone, or fax or specifically in exchange for the transportation of goods or services.
Customers can also sign up for the free UPS My Choice service, which sends text and email alerts when packages are on their way, and enables you to let your UPS driver know where at your home you’d like to leave your deliveries (side door, with a neighbor, etc.), or to send your deliveries to a UPS Access Point location.
"Online fraudsters are becoming increasingly more sophisticated, using leading brands to impersonate websites, social media accounts, e-mails and more," the company said in a statement.
"We continue to inform our customers about how to protect their accounts and remain safe from fraud. Additionally, we partner with a technology company to help us detect trademark infringements, counterfeit sales, phishing attacks, bogus recruitment ads, other types of fraud and more. We respond to incoming fraud reports, as well as detect and help eliminate fraudulent schemes."