Overview of phishing techniques: Order/delivery notifications

Introduction

One thing no one can deny is that online shopping is a common practice these days. With this, of course, comes order notifications and delivery notifications when packages arrive. Phishers are aware of this and have been using a phishing technique to exploit it. 

This article will detail the order/delivery notification phishing technique and will provide an overview of what it is, how it works, how you can spot it and what you can do to protect yourself. 

What is the order/delivery notification phishing technique?

The order/delivery phishing technique is when phishers send you a notification of an order or delivery that you did not make. They then request that you confirm your identity or reschedule a non-delivered package, or use any other method to spur user interaction. It could say you have a delivery waiting for you that requests confirmation of your personal information, or that you have placed an order that failed (again requesting personal information), or that you have a failed delivery (also known as a non-delivery notification) and that you have to click on a link to confirm the package so you can receive it. They also can contain an attached file that is infected with malware.

These are typical examples of this technique, but it is by no means an exhaustive list. Phishers are creative and always thinking of new ways to scam victims, and this includes using new variants of this technique to exploit victim’s fear or greed.

The holiday season normally sees an increase in the use of this phishing technique, taking advantage of the lowered cybersecurity defenses that seem to affect people during this time. A public health crisis also sees rising levels of this technique, as online shopping is the only way that many non-essential products can be (Read more...)