Phishing Scams Impersonating Delivery Services Surge

According to Check Point Research, the number of phishing emails sent on behalf of delivery services increased by 440% in November compared to October. The sharpest rise was seen in Europe, followed by North America and the Asia-Pacific region. Most often (in 56% of cases), scammers sent emails pretending to be from DHL. Amazon was the second most impersonated brand (37%), and FedEx came in third (7%).

Regional Trends in Phishing Attacks

In Europe, the number of phishing emails rose by 401% in November compared to October, with 77% of them disguised as notifications from Amazon. In the United States, scammers sent 427% more phishing messages than in October, and 65% of these appeared to come from Amazon. In the Asia-Pacific region, phishing attacks from delivery services increased by 185%, with nearly 65% of emails using the DHL brand.

Online Shopping Boom and Scammer Activity

Earlier in November, the U.S. Centers for Disease Control and Prevention warned about the risks of visiting shopping malls during the holiday season and recommended shopping online. As a result, online shopping volumes in the U.S. have continued to break records. In the first ten days of November, during the holiday shopping season, Americans spent $21.7 billion online—21% more than the previous year. According to DC360, shoppers were expected to spend $38 billion during the Thanksgiving holiday weekend in 2020, nearly double the amount spent during the same period in 2019.

However, it’s not just retailers who prepared for the online shopping boom—cybercriminals also mobilized to profit from the holiday rush. In addition to fake discount offers and links to fraudulent store websites, scammers have increasingly sent phishing emails pretending to be from delivery services.

How the Phishing Schemes Work

Check Point Research warns that these well-planned schemes target the entire online shopping process, from discount offers like those on Black Friday and Cyber Monday to the delivery of orders. The main goal is to trick people into revealing account credentials and bank card information, which can then be used to steal money. Unlike typical phishing emails that try to obtain personal data or online banking login details, emails from fake delivery services often contain bogus messages about delivery problems or offer to let recipients track their packages.

To resolve the supposed issue or use the service, victims are asked to provide personal or payment information. Experts note that scammers intentionally ramped up these campaigns in November, as many online shoppers are expecting deliveries and are more likely to pay attention to messages from delivery services. Additionally, many users are now aware of older holiday scam tactics, so traditional “too good to be true” offers are less effective for criminals.

How to Protect Yourself While Shopping Online

“To stay safe while shopping online, it’s important to follow a few simple rules. For example, use unique, non-repeating usernames and passwords for different sites, and don’t click on links in emails—which could be phishing attempts—but instead access the site through a search engine,” advises Vasily Dyagilev, head of Check Point Software Technologies in Russia and the CIS. “Pay special attention to the language and errors in emails and domain names: for instance, scammers might use the .co extension instead of .com or make typos in the email itself.”