As Christmas approaches, experts suggest an added dollop of caution before simply clicking on email package delivery notices. Fake notifications are proliferating, bringing not holiday cheer but holiday ransomware.
Phony email notices deliver malware agony
The holiday phishing season began right before Thanksgiving and may likely extend until after Christmas, said Caleb Barlow, vice president for IBM Security.
“This is a $445 billion business. These are campaigns run by the criminal equivalent of marketers,” he said.
Security company FireEye sees a significant increase in fake package email alerts beginning in November – an almost 100 % increase from the average of September to October.
Common subject lines the company has a tendency to come in two main types.
Some contain malware that invades your computer and either allows it to be utilized by a botnet or attempts to find and extract personal information about you which might be sold, or login information for your financial accounts.
Probably the most damaging can contain ransomware. This is software that enables criminals to remotely lock up your computer. They then send a message demanding payment in untraceable digital currency such as Bitcoin.
To protect yourself, look carefully at any emailed package delivery notice. Do they include your full name, customer number and actual information from the company? Is the email address it originated from actually the company or some odd variant?
For example, an email purporting to be from FedEx that came to this reporter on Wednesday was actually from FedEx-intl.com, a non-existent address.
If there’s any doubt, don’t click, experts say. Have you received any emails that you know are fake and would like to share with us so we can let everyone know. Simply click here to send them to us.