Fake E-Mail Scams Prevalent During the Holidays
Worcester, MA - -December 23, 2014 - - BBB of Central New England is warning consumers to be on the lookout for two common counterfeit e-mail scams appearing to come from major retailers such as Walmart and from FedEx or other well-known shipping vendors during the holidays.
In the first scam, you receive an email message that appears to about a recent purchase you made online. The e-mail seems to come from a well-known retailer such as Walmart, The Home Depot, or Target to inform you that your purchase is ready for pick up or has been shipped.
You don't remember ordering anything from that store, but in the holiday shopping rush it could have slipped your mind. Curious, you click on the link to read the details of your order.
When you click on the file, you find that it isn't information about your "order." It's really a virus designed to phish for personal and banking information.
"As the holidays approach, it's a common tactic for phishing scammers to send e-mails claiming to be from Walmart, Target, or even FedEx to lure consumers into opening a phishing virus;" said Nancy B. Cahalen, President and CEO of BBB of Central New England. "Two of the more prevalent e-mail scams during the holidays both involve notices for items you don't remember ordering. Consumers either receive notices from retailers to pickup packages in the store, or notifications of attempted deliveries for packages they don't remember ordering. In both cases, the e-mails are designed to gain access to your personal information. Watch out for these scams as you wrap up last minute shopping."
The fraudulent shipping e-mail scam is somewhat similar to the "pick up your package" scam. In this variation, you receive an e-mail impersonating shipping vendors, such as UPS, USPS, or FedEx. As the holidays approach, it's a common tactic for phishing scammers to send e-mails claiming to be an alert about an undelivered package, or to provide order details regarding a package delivery or an invoice file.
As with the first scam, by clicking on the provided link you're actually uploading a virus that will phish for your financial and personal information.
If you receive an e-mail about a package pickup, or delivery notice but don't remember placing an order, it's likely not legitimate. If you are expecting a delivery and are concerned that there may be a real issue, contact the company directly using verifiable contact information.
5 Simple Rules to Spot a Scam Email:
While these two scams use different tactics, their goals are the same - to phish for personal and banking information. Follow these simple rules to avoid getting phished:
Watch for look-alike URLs - Be wary of sites that have the brand name as a subdomain of another URL (i.e. "brandname.scamwebsite.com") or part of a longer URL (i.e. "companynamecustomersupport.com."). A good rule of thumb is to never click on any links or download files from unfamiliar email addresses.
- Hover over URLs in emails to reveal their true destination - Scammers can make links appear to lead to a legitimate website, when they really point to a scam site.
- Watch for typos and bad grammar - As in the Walmart example above, scammers can copy a brand's logo, but their poor writing gives the email away as a scam.
- Call the store - Call the business's customer support line to check the legitimacy of the email. Don't rely on any information contained in the email you suspect is a scam. Find the phone number by typing the company's name directly into your browser.
- Ignore calls for "immediate action" - Scammers try to convince their victims to react on an emotional basis by creating a false sense of urgency with claims of "multiple attempts to contact you" and "act immediately."