Watch out for phishy package delivery notifications in your inbox

This time of year trucks, trains and planes are busily playing Santa, traversing the country and skies delivering packages to redistribution centers and eventually doorsteps, doing their best to insure people get their Christmas presents on time.

Also crossing the country but in more subtle ways, over landlines, through fiber and between cell towers are emails masquerading as shipping notifications, doing their best to arrive in your email inbox and their ransomware packages to be opened into your PC and network long before Christmas Day.

According to IBM Security’s vice president, speaking to USA TODAY on the matter, the holiday phishing season began shortly before Thanksgiving and will likely extend through Christmas.

Unfortunately, the effort has been quite successful already having netted scammers $445 billion.

So how exactly does this phishing scam work?

Well, here is how R.K. Black, Inc.’s own IT head described it in a company-wide memo he sent out Thursday warning associates of the scam and telling them how not to become victims.

The email phishers are hard at work creating fake emails with their poisoned links telling everyone their package failed to ship, there was a problem with their order or delivery, or some other catchy reason to trick you into clicking on embedded links that will end up ruining your computing holidays. Don’t fall for these tricks.  If you didn’t order anything from the company sending the email-just delete it. Even if you did recently do business with the supposed company sending the email, avoid clicking the link in the email or opening any attachments and instead, go directly to the originating website and check there. There are lots of these circulating right now and more to come.

The USA TODAY article says among the common subject lines in such phishing emails are:

  • We could not deliver your parcel, #00556030
  • Please Confirm Your DHL Shipment
  • Problems with item delivery, n.000834069
  • Delivery Receipt | Confirm Awb no:XXX830169
  • Your order is ready to be delivered
  • Courier was unable to deliver the parcel, ID00990381
  • Your DHL isher please download attachment to view detail and confirmation of your address

If you get any email even remotely resembling those subject lines, as our IT head said in his memo, do not click on the link or open any attachments. Rather, go directly to the store’s or shipper’s website to check on your package’s shipping status.

Clicking on the link or opening the attachment may unwrap and unbox a bit of software into your computer, or even worse, your entire network (even workplace network) giving scammers personal information including passwords to financial accounts or worse yet, exposing you to ransomware.

This software, such as Locky or the older Cryptolocker allows scammers to lock all your files, making them inaccessible until you make a payment via Bitcoin or some other untraceable currency. Opening such a virus at your workplace can open your entire workplace’s network to such a software, causing crippling damage and expense.

Often businesses have all kinds of firewalls and network security protections set in place to defend against such attacks; however, even with these measures, remember that as it was often said on the 2000s era game show, “You are the weakest link!...” A moment of curiosity followed by a single click can make your savings or your corporate data complete the phrase and say “Goodbye!”

Be like Santa. Look at the links. Check them twice. Find out whether they’re naughty or nice.

Here some things USA TODAY says you should look for when looking at a package delivery notice:

  • Does the notice include your full name, customer number and actual information from the company?
  • Is the email address from the actual company or from some strange variant — a weird .com.co or –Intl.com not really affiliated with the company?

Also, because it’s the government and is here to help you, the FCC has these tips on how to spot false shipping notification emails. 

Last, if you get a shipping email. Go with your gut. If something seems phishy, and makes you doubt, stay away from it.

If you have a business and want to protect your network from such scam, we suggest looking into a data back-up and disaster recovery system.

Basically, BDR once set-up captures images of your network at pre-designated times, giving you a place to return to should your network get infected. Say you did a back-up at 5 p.m. Monday and you got infected at 8:30 a.m. Tuesday, you can revert to 5 p.m. Monday and have all your files back with little downtime. This system is good as well to protect your business data from fires, flooding and natural disasters.

To learn more about network security or other managed IT services by R.K Black, click here or click the button below to have one of our reps contact you.


R.K. Black, Inc. is an Oklahoma City-based leading provider of office technology solutions to small and medium-sized businesses in and around central Oklahoma. We specialize in everything business technology from copier, fax, printer and  scanner technology to document management, onsite paper shredding services, VoIP phone systems and managed IT support to video surveillance solutions.

If you're want to learn more about us, feel free to explore the website, read our other blogs or click the button below to be contacted by one of our reps and tell you! Also, be sure to keep watching our social media channels on Facebook and Twitter for more business tips from our blog.