Beware of Package Undelivered Phishing Emails

It’s that time of year again.  It’s the holiday season and for most of us, that means time with family and friends.  But this time of year isn’t only busy for retail businesses; it’s also a busy time for hackers and scammers.  They know that everyone is out purchasing gifts for their loved ones.  Since we increasingly turn to online stores to get us those great presents, hackers and scammers have figured out how to use that against you.  Everyone wants to know the status of their packages from online retailers.  Right after Thanksgiving in the U.S., there is a major increase in fraudulent package emails that make their way into email accounts. 

How to Identify Fraudulent Package Emails

Hackers and scammers are trying to prey on your worst nightmare when it comes to online shopping – a lost package.  They’ll send emails with subject lines like “Package Undeliverable” or “Delivery Exception”.  Think about it: if you ordered something and then a couple of days later you got an email saying your package can’t be delivered, how would you feel?  Who wants to deal with a shipping company?  And what if the package doesn’t arrive on time?

So you open the email and, without thinking, click on the link to try to resolve the issue.  That’s where they get you.  The site behind that link usually hosts some sort of virus.  Typically, it’s ransomware that is designed to hold your files hostage until you pay the ransom.

UPS has compiled a lot of really great examples of fraudulent emails that they find.  Here’s an example of one –

[Image: Fraudulent UPS Email.  Source: ups.com]

You’ll see that it looks pretty legitimate.  It has the UPS logo and some decently worded language in the email.  But there are a few red flags here.  The first thing you should look at is who it’s from.  The From address on this email is not a valid UPS address.  That should tip you off right away.

But what if you don’t look at the “from” block of the email?  The second issue is that there is no tracking number in this email.  Most delivery exception emails from any carrier will have a tracking number in the body or subject of the email.  This example has neither.

The last red flag in this email is the link.  While this may look like the legitimate UPS URL, it might actually take you to another website.  When hackers send phishing emails, they typically use hyperlinks whose visible text differs from the address the link actually points to.  That lets the hackers make the link read www.ups.com but have it go to their own website, which typically hosts viruses.  The best way to defeat that is to hover your mouse over the link without clicking it.  Your browser will show where that link is actually going in the bottom right or left corner of the window.

What can I do if I’ve received one of these emails?

I always recommend being cautious of any links in emails, especially emails that you didn’t sign up for.  So my first suggestion would be to not click links in any emails.  But what if the email is legitimate?  Well, that brings me to my second suggestion.

Each of the main package delivery services has some sort of online account that will alert you to incoming packages.  UPS has UPS My Choice, FedEx has FedEx Delivery Manager, DHL has MyDHL, and USPS has Informed Delivery.  With all of these services, you can put in your address and it will inform you of packages that are coming your way.  Instead of clicking on the links in an email, log in to the services and see if there are any packages scheduled for delivery.  This way you know that the package is coming and you don’t have to worry about clicking any links in your email.

My final tip for you is to forward any suspected fraudulent emails to the shipping company’s fraud department.  Each of the major services has an entire department dedicated to fighting fraud.  They rely on you to help protect packages and their customers.  So if you get one of those emails, use the links below to find the email address to forward the phishing email to.  This will help them take down the hackers and keep you safer.

About the Author Kyle

Kyle Slosek is a security practitioner with 10 years of experience in enterprise Information Technology environments. Throughout his career Kyle has performed everything from certification and accreditation to penetration testing and forensics. He holds a Bachelor of Science in Information Technology, a Master of Science in Information Assurance, as well as several industry certifications.