With the holiday season in full swing, there’s an old scam you need to be on the lookout for!
We’ve warned in the past about fake package delivery notices being sent via email, and now as the holiday shipping season ramps up, some consumers have reported they’ve been targeted by similar scams.
What the scam looks like
Here’s how it works: scammers send fake emails with subject lines containing the text (or similar to): ‘USPS Delivery Failure Notification.’ The emails claim to be from the U.S. Postal Service and contain fraudulent information about an attempted package delivery. The emails then instruct the person to click on a link for more information regarding how and when to get their package delivered.
Here’s an example of language used in these types of email scams:
DO NOT CLICK THE LINK!
Clicking on the link can cause a variety of problems — the worst being that it can activate a virus, allowing the scammers to steal any personal information stored in your device, including usernames, passwords and other sensitive information tied your financial accounts.
If your device is infected with some type of malicious software, you typically have no idea it’s there. And then when you go to sign in to an account that contains your banking or other sensitive information, the criminals use a program to mirror your activity — recording any and every piece of info about you that they can use.
The biggest problem for consumers is that scammers make these types of emails look almost identical to official notifications from the real shippers — using legitimate-looking email addresses and even the official logos.
How to protect yourself
If you receive an email you weren’t expecting, do not click on any links inside the email. Even if you are expecting a package, do not click on any links in an email notification. Go to the USPS, or other company, website directly to get any delivery information.
According to the USPS, another recent scam involved people receiving phone calls from thieves claiming to be USPS employees — asking for the customer’s birth date and Social Security number in order to confirm a package delivery.
Never provide this sensitive information to anyone — via phone, email or text — unless you can confirm the identity of the person on the other end, as well as the security of your information.
Variation of the scam
Another variation of this scam involves someone calling you about delivering a package. The caller will ask for a ‘verification fee’ in order to process the delivery and deliver the gift to your home. In order to ‘process the fee,’ the scammer will ask for a credit or debit card number — do not provide this information over the phone or in person to someone who shows up at your door. You should not have to pay a fee for the delivery of a gift. If you did order something, make sure to verify the delivery information with the company directly — and even in that case, a ‘verification fee’ should not be required.
Tips to avoid this scam and others like it:
- Be wary of unexpected emails containing links or attachments: If you receive an unexpected email claiming to be from your bank or other company that has your personal information, don’t click on any of the links or attachments. It could be a scam. Instead, log in to your account separately to check for any new notices.
- Call the company directly: If you aren’t sure whether an email notice is legit, call the company directly about the information sent via email to find out if it is real and/or if there is any urgent information you should know about.
- Look out for grammar and spelling errors: Scam emails often contain typos and other errors — which is a big red flag that it probably didn’t come from a legitimate source.
- Never respond to a text message from a number you don’t recognize: This could also make any information stored in your phone vulnerable to hackers. Do some research to find out who and where the text came from.
- Don’t call back unknown numbers: If you get a missed call on your cell phone from a number you don’t recognize, don’t call it back. Here’s what you need to know about this phone scam.â€‹
- Be cautious of any notification from an “automated message system” that states “Click on this link for details.”
For basic protection, use anti-virus and anti-malware software and keep it up to date. See Clark’s Virus, Spyware and Malware Protection Guide for links to free options. And if you receive an email that you suspect could be a scam related to the USPS, you can report it by sending an email to [email protected]