BBB Alert: Shopping Online? Watch out for Phishing Emails Posing as Fed Ex and UPS

December 03, 2010

With only a few weeks left to get holiday cards and gifts sent to loved ones, phishing scams are posing as holiday shipping and mailing services. The Better Business Bureau is warning consumers to be on the lookout for two phishing scams this holiday season. Hackers are pretending to be customer service personnel from some of the biggest names in business—including FedEx and UPS. Hackers are impersonating well-known companies in order to gain access to your computer drives, files and accounts to steal your personal information including Social Security, bank or credit card numbers.

“Cyber criminals are spreading computer viruses and stealing identities while most of the country is preparing to celebrate the holidays,” said Karen Nalven, President of BBB serving West Florida. “Hackers using e-mail phishing messages are posing as trusted businesses to take advantage of the seasonal increase in online shopping and shipping of merchandise all across the country.”

The BBB has the following advice:

· Shipping schemes - Hackers send phishing e-mails from “shipping companies” claiming that there is a problem with delivery of merchandise. Commonly, the e-mail will include a hyperlink for recipients to click on that will take them to another Website that might install malware or solicit personal information. A message currently making the rounds has a subject line that looks like, “Subject: Tracking Number 13040065504.” The body of the message claims that a package could not be delivered and advises the recipient, “to print the copy of the invoice that is in the added file.” The attachment is actually a virus that will infect the computer.

BBB Advice: Instead of clicking on the link in the e-mail, go directly to the shipper’s Web site or contact the company via telephone to confirm whether there is a shipping problem with your package. Do not open attachments to unsolicited e-mails.

· E-card schemes - E-cards are a popular and inexpensive way to deliver season’s greetings to loved ones. With legitimate e-cards, the recipient receives an e-mail with a hyperlink that will take the user to the e-card which is housed on a Website. Unfortunately, by design, e-cards are an easy way for hackers to disguise phishing e-mails and direct you to their Websites which will install viruses and malware on your computer. You should be careful about clicking on a link in an e-card as the hackers will often use logos from recognized brands and companies in order to appear legitimate.

BBB advice: Phishing e-mails posing as e-cards can be difficult to spot. Spelling and grammatical mistakes are a huge red flag. Also, do not follow the link in an e-card if you do not recognize the name of the sender. Consumers who receive suspicious e-mails should report them to the Internet Crime Complaint Center at