Warning: Fake package notification could be dangerous malware

|
Warning: Fake package notification could be dangerous malware
Team Clark is adamant that we will never write content influenced by or paid for by an advertiser. To support our work, we do make money from some links to companies and deals on our site. Learn more about our guarantee here.
Advertisement

With the holiday season in full swing, there’s an old scam you need to be on the lookout for!

We’ve warned in the past about fake package delivery notices being sent via email, and now as the holiday shipping season ramps up, some consumers have reported they’ve been targeted by similar scams.

What the scam looks like

Here’s how it works: scammers send fake emails with subject lines containing the text (or similar to): ‘USPS Delivery Failure Notification.’ The emails claim to be from the U.S. Postal Service and contain fraudulent information about an attempted package delivery. The emails then instruct the person to click on a link for more information regarding how and when to get their package delivered.

Here’s an example of language used in these types of email scams:

USPS.COM
Notification
Your parcel has arrived at [date]. Courier was unable to deliver the parcel to you.

Print your label and show it in the nearest post office to get a parcel (link).

DO NOT CLICK THE LINK!

Clicking on the link can cause a variety of problems — the worst being that it can activate a virus, allowing the scammers to steal any personal information stored in your device, including usernames, passwords and other sensitive information tied your financial accounts.

If your device is infected with some type of malicious software, you typically have no idea it’s there. And then when you go to sign in to an account that contains your banking or other sensitive information, the criminals use a program to mirror your activity — recording any and every piece of info about you that they can use.

And these scams aren’t limited to USPS, similar scams have popped up in the past that appear to be from other official shipping companies such as UPS and FedEx.

The biggest problem for consumers is that scammers make these types of emails look almost identical to official notifications from the real shippers — using legitimate-looking email addresses and even the official logos.

Read more: Beware of fake shopping apps that will steal your info

How to protect yourself

If you receive an email you weren’t expecting, do not click on any links inside the email. Even if you are expecting a package, do not click on any links in an email notification. Go to the USPS, or other company, website directly to get any delivery information.

According to the USPS, another recent scam involved people receiving phone calls from thieves claiming to be USPS employees — asking for the customer’s birth date and Social Security number in order to confirm a package delivery.

Never provide this sensitive information to anyone — via phone, email or text — unless you can confirm the identity of the person on the other end, as well as the security of your information.

Read more: Warning: That Facebook ‘deal’ is no deal at all!

Variation of the scam

Another variation of this scam involves someone calling you about delivering a package. The caller will ask for a ‘verification fee’ in order to process the delivery and deliver the gift to your home. In order to ‘process the fee,’ the scammer will ask for a credit or debit card number — do not provide this information over the phone or in person to someone who shows up at your door. You should not have to pay a fee for the delivery of a gift. If you did order something, make sure to verify the delivery information with the company directly — and even in that case, a ‘verification fee’ should not be required. 

Tips to avoid this scam and others like it:

  • Be wary of unexpected emails containing links or attachments: If you receive an unexpected email claiming to be from your bank or other company that has your personal information, don’t click on any of the links or attachments. It could be a scam. Instead, log in to your account separately to check for any new notices.
     
  • Call the company directly: If you aren’t sure whether an email notice is legit, call the company directly about the information sent via email to find out if it is real and/or if there is any urgent information you should know about.
     
  • Look out for grammar and spelling errors: Scam emails often contain typos and other errors — which is a big red flag that it probably didn’t come from a legitimate source.
     
  • Never respond to a text message from a number you don’t recognize: This could also make any information stored in your phone vulnerable to hackers. Do some research to find out who and where the text came from. 

  • Don’t call back unknown numbers: If you get a missed call on your cell phone from a number you don’t recognize, don’t call it back. Here’s what you need to know about this phone scam.​

  • Be cautious of any notification from an “automated message system” that states “Click on this link for details.”

For basic protection, use anti-virus and anti-malware software and keep it up to date. See Clark’s Virus, Spyware and Malware Protection Guide for links to free options. And if you receive an email that you suspect could be a scam related to the USPS, you can report it by sending an email to [email protected]

Advertisement
Alex Thomas Sadler About the author:
Alex Thomas Sadler is the Managing Editor of Clark.com and Clark Howard Digital Products. Alex is also the host of Common Cents, a new Clark.com series that makes money simple, so you can better understand and take control of your own financial life. Alex graduated from the University of Georgia with bachelor's degrees in ...Read more
View More Articles
  • Show Comments Hide Comments