Opinion

Ho Ho Holiday Scams

2022-12-14
5 minute read
ss image
Jeff Sager
Author
blog post banner

"It's the most wonderful time of the year…" was a Christmas song written well before telecommunications scams came into existence! Unfortunately, these days, holiday season means scammers are out in full force, which is statistically worse for Christmas than the Grinch, Scrooge, and the mean dad from Elf combined. We here at Sipstack would like to do our part to spread some holiday cheer and make sure you're staying informed of two of the most prevalent holiday scams to look out for this holiday season.

Delivery Scams (Fed EX, Amazon, UPS, etc.)

Delivery scams refer to emails with shipping notifications that appear to be sent from legitimate mail carriers and parcel delivery services, but are actually sent from illegitimate scammers trying to steal your money.

The Covid-19 pandemic impacted online shopping in a big way, as it did with many industries, including telecommunication fraud. And what better time for scammers to take advantage of the influx of online shopping than the holidays?

Already in 2022, the Federal Trade Commission has seen over 200,000 online shopping scam complaints, with reported losses of over $270 million[^1]. The Better Business Bureau said online shopping losses are estimated to exceed $380 million by the end of the year[^2]. Interestingly, they say the age group at the highest risk for these online scams are 18 to 24 year olds since they engage in online shopping the most. This is in stark contrast to many other scams that specifically target senior citizens, including The Grandparent Scam. The point is whether you're young or old, nobody is immune to these scams, so it's always best to stay vigilant.

When online shopping and waiting for a delivery to arrive, emails with shipping notifications are to be expected. This is why scammers create fake delivery emails, which mimic authentic ones prompting you to click on a link. As soon as you click it, however, malware installs onto your computer or smartphone, and the scammer can track your internet browsing history and other personal details.

Here's a real example of a fraudulent email, allegedly from UPS:

"UPS tried to deliver your parcel, but nobody was home. Click here to rearrange your delivery."

Here's another example, seemingly from FedEx:

"Your FedEx package with tracking code XX-0000-XX00 is waiting for you. Update your delivery preferences here."

And if you're an online shopping scammer, why not also take advantage of the most popular online retailer in the world? Here's an example of a delivery scam email from Amazon:

"Because of COVID-19, your package is running late. We apologize. To make it up to you, here is $500 to spend at Amazon."

If you're thinking that you've seen many emails like this even when you're not expecting an online order, you would be correct. Essentially, scammers send out millions of these emails, especially during the holidays, just hoping that some people will be expecting packages from these companies. Of course, some are, and of those, some will be concerned about their package not arriving on time. These are the unlucky ones who are most likely to get scammed.

Phone and SMS Delivery Scams

Although email is the most popular communication method for delivery scams, both phone calls and SMS are often used as well. The details may vary, but the basic premise remains the same: There's been a problem with your delivery, and now you must provide your personal or financial details to solve it. If you mention on the phone that you haven't ordered anything, scammers have been known to try and convince you that the package is a gift from a relative or friend, and you need to provide these details to claim it. Honestly, not bad, scammers… These people are almost as creative as they are evil!

SMS delivery scams are no different. You will be asked to click on a URL or visit a website to fix the "delivery issue", which, you guessed it... results in malware. (Maybe I spoke too soon about their creativity...) Spammers are actually relying more and more on SMS scams because they know people are more likely to engage via text messages than phone calls.

Here are some SMS examples of delivery scams:

"Earn $300 while you drive with an Amazon Flex sticker on your vehicle. Click on this link to get started."

"UPS wants to gift you a MacBook Pro. Provide your details so we can ship it to you right away."

"We need you to confirm a time-slot for your delivery. Click here."

Food Delivery Scams (Uber Eats, Postmates, DoorDash, etc.)

Food delivery scams essentially operate in the same way, except that scammers are pretending to be food delivery services instead of shipping services. Similar to the aforementioned delivery scams, the fraudster has no way of knowing if you've actually ordered a pizza, sushi platter, or groceries that evening. But because so many people do so off of companies like DoorDash, Uber Eats, or Postmates, especially during the holidays, they can make an educated guess. Be on lookout for bogus email or SMS notifications that appear to be from these companies. They may pretend there is an issue with your order, or else act like you have access to some type of promotion. Here are some common examples:

"There's been a problem with your Uber Eats order. Please click here to update your details."

"Your food is on its way! Click here to confirm your delivery address."

"You've won a $50 Uber Eats credit. Treat yourself to free food this holiday season! Claim your credit now!"

If you think these links will cause malware to be downloaded onto your device, you are catching on and are now officially at least as intelligent as your average scammer.

Speaking of intelligent scammers, we've all seen emails in our junk or spam folder that are fairly obvious scams. Sometimes, however, scammers are more sophisticated, and already have access to some of your personal details. When these more believable emails arrive at a time that you have a legitimate online food order on the way, even the most intelligent among us can be fooled. (I fell for one last year, and I for sure fall into the "most intelligent among us" category...) The point is it's important to be extra cautious when giving out any personal information, either on the phone or online, so that scammers can't use it against you in an email that is super believable and totally would have fooled all of you too, okay?!

Overall Tips to Avoid Holiday Scams

  • Only click a URL link in an email or text if you have verified where it came from.
  • Don't answer phone calls from unknown numbers, and if you do get a call or text from a number you don't recognize, enter it into Whois by Sipstack to assess its Risk Rating Score.
  • Never provide personal information to unknown callers.
  • Never follow any requested call prompts. ("Press 1 to claim your prize.")

How SIPSTACK Fights Fraud

Using the latest technology and machine learning, SIPSTACK's systems authenticate all activity in real time against variables that affect your security. When a carrier implements SIPSTACK's Risk Rating Score, they are able to customize a threshold for calls to pass through, based on their specific needs. At SIPSTACK we take an active role in ensuring we are building a secure and connected tomorrow. Contact us today to learn how you can protect yourself from spam.

References

1 https://www.ksnblocal4.com/2022/11/27/better-business-bureau-warns-against-holiday-scams/ 2 https://www.ksnblocal4.com/2022/11/27/better-business-bureau-warns-against-holiday-scams/