On widespread Holiday Delivery Scams & how to prevent them

  • A fee needs to be paid before the package delivery (e.g., VAT) …
    A link in the message takes you to a fake site that will collect your personal and/or credit card information.
  • The package is held up at an office/depo and confirmation of delivery time is required…
    This site will try to collect your personal information and it may be sold or misused in the future.
  • The package could not be delivered, and you need to reschedule delivery…
    Same as the previous example.
  • The package could not be delivered, and you need to install an app to track it/reschedule delivery…
  • The linked app is usually malware that will either install additional malicious programs, steal your banking information or make transactions.

How do the attackers know your email/phone number?

You may think that these scammers can’t get to you as you keep your phone or email private to yourself. But this is a wrong and dangerous assumption in today’s digital world.

How to prevent holiday delivery scams?

Preventing similar social engineering scams (with account takeover intentions) can happen on two distinct levels: on the target business and the user’s side. On both levels, 2 major levers prevent such scams: education and technological solutions.

What to do if you receive a suspicious SMS/Email?

In case you received a suspicious message, please be mindful and:

  • Don’t respond to the message.
  • Don’t click any links.
  • Lookup contact information from the official website and call them to confirm, that you received a message from their company and that it seems suspicious.
  • If you discover that indeed the message is a part of a scam, report it to the national cyber security organization as well as to the organization that is being impersonated. This will help prevent future frauds.
  • Delete the message.
  • Block the number/email address.

What if you already clicked the link?

  • Close the browser window.
  • Scan your device for malware by using any well-respected anti-virus or anti-malware software.

What if you provided personal or banking information to the phishing site?

If you supplied banking information to a suspected phishing site, immediately:

  • Call your bank and report the incident, including whether credit card information was shared or not so that it can be blocked.
  • You may request chargeback in case a transaction was already made with your card in the meantime.

What if you installed a malicious app from the link?

If you suspect you installed a malicious app — malware — on your device be mindful that anti-malware solutions may not clean your device completely.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store