Consumers have been warned through the years of a common technique called phishing. It’s when a scam artist casts a widespread net with seemingly harmless bait and fishes for victims by using fake emails. The emails are designed to either obtain your personal identifying information or to lure you into clicking on links, releasing a virus into your computer system.
Savvy and smart scam artists were able to “up the ante” by learning more about the email user’s tastes and interests to send targeted phishing emails to increase the likelihood the email scam will be opened. These “spear phishing” emails often take on the name and website domain address of a reputable business or organization such as a national bank. The relevance of the business helps increase the appearance of authenticity, often resulting in the most informed consumer becoming a victim of the email phishing scam.
During the holidays, consumers received virus spreading emails through messages reporting to come from UPS, DHL or FedEx parcel delivery services. The bogus messages notified those anxious online shoppers that a delivery could not be issued and asked the consumer to open an invoice to claim the undelivered package. All three private shipping companies post warnings on their websites about these phishing scams.
Within the past two months, consumers across the U.S. are reporting email spear phishing scams. These emails have the following in common:
- The email message notifies the homeowner of a package delivery or online postage charge.
- The email message directs the consumer to click on a link or open an attachment.
- The email’s return email uses @usps.com which is the actual website domain of the U.S. Postal Service.
- The email creates a strong sense of urgency for “call to action” by claiming the homeowner will incur a daily charge or fee for every day the package is held and not delivered. The amounts vary in sample emails, but appear to be less than $20 a day in all cases.
- Clicking on any links activates a virus which can steal personal information such as usernames, passwords and financial account information stored on the computer.
BBB offers the following tips if the spear phishing email targets your inbox:
- Report/forward any suspicious email to U.S. Postal Inspection Service email@example.com.
- Delete the message.
- If any links were “clicked” or attachments opened, run a virus scan immediately.
- U.S. Postal Service will never send emails to their customers about package deliveries
- Questions about a delivery by Postal Services should be directed to 800-ASK-USPS.
USPS Warning on their website: https://postalinspectors.uspis.gov/radDocs/consumer/SpamAlert.pdf