The American shopping sector is facing tough times. Delays are common, and several shoppers are anxious about the timely delivery of purchased items. Shoppers are continuously checking emails and numbers. Amidst these, a certain section of hackers is trying to exploit the growing concern among shoppers.
It appears that cybercriminals are noticing these developments. They are spoofing notification emails and tracking numbers.
Criminals are writing emails and imitating brands to force shoppers into clicking on links that contain credential harvesting pages.
Such emails mostly include catchy or attention-grabbing lines that would be of extreme interest to the users. For instance, subject lines found in such emails are mostly along the lines of ‘your parcel is delayed further’, ‘critical shipping information, ‘here is how you can enjoy a faster delivery’, or so.
As these subject lines are so relevant, users are likely to visit the link included in emails. These links lead the user to pages that harvest individual credentials.
To be precious, when a user clicks on redirecting links, say, “View Details,” they are redirected to a webpage through links that can spoof the USPS. The opened page may have leading links wherein users are supposed to enter their payment information such as the credit card or debit card details. A common tempting offer is somewhat like this- for about $1, the delivery can be made faster or redirected’. Such a tempting message can easily trick a shopper who is already worried about the on-time delivery of their purchase.
The sensitive information thus entered can be accessed by the hackers and used for future attacks and fraudulent activities. With respect to brands, here is the list the most impersonated ones. The info is compiled by CheckPoint.
Microsoft (45%)
DHL (26%)
Amazon (11%)
Bestbuy (4%)
Google (3%)