There is a noticeable increase in online fraud as the pandemic has driven more online activity. Along with this increase in online shopping, there has been a rise in large-scale phishing and smishing attacks targeting unsuspecting victims.
Phishing (email) and smishing (text message) are fraud schemes that criminals use to elicit funds, credit card information and personally identifiable information (PII), or to install malware on electronic devices.
Fraudsters typically send victims an email or text message that appears to originate from a trusted, legitimate party. The correspondence is designed to redirect victims to phishing websites, trick them into divulging sensitive information, or infect their devices with malware.
The recent successful phishing and smishing campaigns leverage increased online activity by emulating correspondence users might expect to receive when shopping online.
Package Tracking Phishing
Emails or text messages are sent with a purported tracking number for a package. Victims are directed to phishing sites where they are tricked into entering online account credentials, personal information, or payment details to view the tracking information.
Undelivered Package Phishing
Emails or text messages are sent indicating that a package could not be delivered and direct victims to a phishing website that requests personal or payment information to reschedule the delivery.
Fraud Alert Phishing
Emails or text messages are sent that purport to warn victims of a large online purchase or a suspicious payment on their accounts. Victims are then directed to call a phone number or visit a malicious link to confirm details.
Prevention and Mitigation
- Never respond to an email or text message from an unknown source. Never click on a link or open an attachment from an unknown source.
- Never respond to an email or text message offering you a way to earn quick and easy money.
- Never respond “Stop” or “No” to prevent future text messages; delete the text instead.
- Never share your financial information or PII.
- Always read the entire email and look out for suspicious indicators, such as poor grammar or email addresses disguised to appear legitimate.
- Always independently verify where a request for sensitive information originates.
- Always independently type a website address instead of clicking on a link.
- Always delete a text message from an unknown source.
- Always mark an email from an unknown source as spam.