Cybersecurity experts at Kaspersky are urging people to protect themselves against a rise in delivery payment scams that take advantage of online purchasing activities.
Individuals and organisations alike have come to rely on home deliveries of all kinds through the pandemic — and online scammers have taken note, according to a daily update from Kaspersky this week.
“On average, any given buyer receives 19 deliveries per year,” they write.
“The 2020 figures are likely to be significantly higher. In this year of self-isolation, it’s no longer uncommon for consumers to receive several deliveries in a single day, or to have a hard time keeping track of which parcels are at what stage of delivery.”
The related payment scams often begin with a phishing attempt by sending an email that mimicks notifications from a well-known delivery service.
Many might come via physical or email addresses that aren’t listed by the service the message appears to represent.
“According to the notification, an order could not be delivered because of an incorrect address, extra charges for unforeseen expenses, or some other vaguely plausible reason,” Kaspersky says.
The recipient is asked to pay an amount to ensure delivery, via a link to what looks like a delivery service website but is actually a phishing page.
Often the amount is small, for example a couple of euros — which means many people can be tempted to simply click and pay, including the supply of personal information such as card details, there and then.
According to Kaspersky, insisting on best practices on deliveries and installing a reliable, regularly updated internet security solution such as Kaspersky Internet Security are the best ways to keep safe.
“Keep basic track of your deliveries. If you place so many orders that you cannot remember them all, keep a running file or jot down a list of orders you have outstanding,” they write.
“Avoid clicking on links in emails, particularly if you’re not entirely sure they’re legit, and never enter personal or payment details on a page that opens from such a link.”
Also, you can always contact the delivery service directly over the phone to confirm the details, using alternative numbers and addresses from the original company website or invoice — not any links, phone numbers or addresses in the email notification that you received.
In mid-December, Kaspersky threat intelligence reported that it had detected an average of 360,000 new malicious files per day in 2020. This was 5.2% up on 2019.
“This was influenced mostly by a large growth in the number of Trojans (malicious files capable of a range of actions, including deleting data and spying) and backdoors (a specific type of Trojan that gives attackers remote control over the infected device): a 40.5% and 23% increase respectively,” the company said in its Kaspersky Security Bulletin: Statistics of the Year analysis.