Security researchers at Check Point are warning Black Friday and Cyber Monday shoppers of surges in email phishing campaigns where hackers impersonate trusted delivery vendors, like Amazon, DHL and FedEx, to commit financial fraud. The emails are designed to trick recipients into disclosing their personal details by using message guises of “Delivery Issue” or “Track your Shipment”. Hackers are timing these email phishing campaigns to coincide with the anticipation of package deliveries from online shoppers who made purchases during this Thanksgiving holiday shopping season, where US consumers spent $9 billion online on Black Friday, up 21.6% on a year ago, according to Adobe Analytics.
Hackers are targeting both the before and after sides of the online purchasing experience. Two weeks ago, Check Point researchers documented an 80% increase in malicious phishing campaigns targeting online shoppers in the form of “special offers”, urging shoppers to be wary of “too good to be true” bargains found online. In fact, 1 out of every 826 emails delivered to users worldwide are malicious phishing emails, where the ratio at the beginning of October was 1 out of more than 11, marking a 13x increase.
440% Global Increase
In the month of November, Check Point researchers documented a 440% global increase in shipping related phishing emails, compared to October. Emails impersonating DHL made up 56% of the total volume of shipping-related phishing emails, followed by Amazon at 37%, and FedEx at 7%.
Figure 1. Surge in Shipping related phishing emails globally
Numbers by Region: Europe, USA and APAC
Europe
Europe topped the list in terms of total number of phishing emails. The numbers grew over four times (401%) compared to October. 77% of these emails in November were fake DHL mails.
USA
In the US, the increase was similar (427%) comparing November to October. The leading impersonated brand was Amazon with 65% of all phishing emails impersonating different Amazon shipping related notifications.
Asia Pacific (APAC)
APAC showed a more moderate, though significant, increase (185%) with DHL accumulating almost 65% of the total phishing emails.
Figure 2. Shipping Related Email Phishing: Amount by Region
Quote: Sundar N Balasubramanian, Managing Director, India & SAARC, Check Point Software Technologies
“Hackers are going after the entire online shopping experience, before and after you purchase. First, hackers will send you “special offers” to your inbox from your favorite brands. Then, hackers will send an email about the delivery of your purchase, even if you bought from a trusted source. Now that Black Friday and Cyber Monday are over, we’re turning towards the other side of the equation, which is deliveries.
Think twice as you open up any post-purchase emails this holiday season. The email could be from a hacker. Take a closer look at any email that alleges they are from Amazon, DHL or FedEx. Watch for misspellings. Beware of Lookalike Domains. It’s clear to us that hackers are targeting online shoppers at every step of the online shopping experience, where the danger is very real before and after you make a purchase.”
How to Protect Against Phishing Scams
- Never share your credentials– Credential theft is a common goal of cyberattacks. Many people reuse the same usernames and passwords across many different accounts, so stealing the credentials for a single account is likely to give an attacker access to a number of the user’s online accounts. Never share your account credentials and do not re-use passwords.
- Always be suspicious of password reset emails– If you receive an unsolicited password reset email, always visit the website directly (don’t click on embedded links) and change your password to something different on that site (and any other sites with the same password). By clicking on a link, you can reset the password to that account to something new. Not knowing your password is, of course, also the problem that cybercriminals face when trying to gain access to your online accounts. By sending a fake password reset email that directs you to a lookalike phishing site, they can convince you to type in your account credentials and steal them.
- Verify you are using a URL from an authentic website: One way to do this is not to click on links in emails, and instead click on the link from the Google results page after searching for it.
- Beware of lookalike domains: spelling errors in emails or websites, and unfamiliar email senders.
- Always note the language in the email: Social engineering techniques are designed to take advantage of human nature. This includes the fact that people are more likely to make mistakes when they are in a hurry and are inclined to follow the orders of people in positions of authority. Phishing attacks commonly use these techniques to convince their targets to ignore their potential suspicions about an email and click on a link or open an attachment.
- Watch for misspellings: Beware of misspellings or sites using a different top-level domain. For example, a .co instead of .com. Deals on these copycat sites may look just as attractive as on the real site, but this is how hackers fool consumers into giving up their data.
Examples caught by Check Point Researchers
- Amazon Impersonation Email in Japan
- DHL Impersonation in USA
- FedEx Impersonation in Israel
- Impersonation of Amazon in Italy
- DHL Express Impersonation in Austria
- DHL Impersonation in Greece
* The statistics and data used in this report present data detected by Check Point’s Threat Prevention technologies, stored and analyzed in ThreatCloud. ThreatCloud provides real-time threat intelligence derived from hundreds of millions of sensors worldwide, over networks, endpoints and mobiles. The intelligence is enriched with AI-based engines and exclusive research data from the Check Point Research – The intelligence & Research Arm of Check Point.
