With Christmas fast approaching and many retail shops shut amid the COVID-19 pandemic, more of us than ever before will be waiting patiently for our annual Christmas shopping to arrive at the doorstep.
This isn’t an opportunity that cyber scammers tend to turn down. Crooks will employ any number of different scams to exploit the increase in online shopping, and one such scam that has been prolific in 2020 is the failed delivery email scam.
This scheme starts with an email telling the recipient that a popular courier company has tried and failed to deliver a parcel to your door, and that you need to click a link in the email to pay for a further delivery attempt. In the examples we’ve seen, the email purports to come from DPD, but the crooks can and probably will change these details with subsequent iterations of the same scam.
The link will lead to a phishing website. That’s a website designed to appear legitimate and convincing to lure visitors into entering personal or sensitive information; information that is then sent to the scammers.
Sponsored Content. Continued below...
In the case of this failed delivery phishing scam, those who click on the link are directed to a website that not only asks for your contact information, but also for your credit card and back account details as well. That’s enough information for the crooks to make unauthorised payments from your account. In fact it’s enough for them to completely drain your account.
Below is an example of such a phishing email.
And below are the screenshots of the website you are taken to when you click the link in the email to reschedule your delivery.
Note that the email doesn’t contain your name or any personal details other than your email address. This is typical of mass-mailed phishing email scams.
The link in the email doesn’t lead to the website you’d expect. Take a look at the URL in the address bar on the images above. That’s not the DPD website!
The site is asking for too many details. The final image above shows that the website is asking for a visitors bank account and sort code – you don’t need to give out this information to make a payment.
If you get an email like this, don’t click on the links! If you’re in doubt as to the legitimacy of the email, find a phone number for the courier company (in this case DPD – but remember don’t get the contact details from the email as these might be fake! Go to the company’s official website.)
And importantly, have good security software on your mobile device capable of preventing phishing scams. Our recommendation for mobile security software is here.