Site icon Sophos News

Advent tip #21: Bought online? Watch out for bogus courier emails!

If you’ve been doing any last-minute online shopping for Christmas gifts, you may well be waiting with increasing anxiety for the items to be be delivered.

So, don’t let your guard down when it comes to emails claiming to be from couriers.

The trick usually goes like this: the courier company tried to deliver your parcel, but no one was home, or the address wasn’t correct, or something like that.

You need to contact the couriers to check out the details and make arrangements so the delivery can be completed.

If you happen to be expecting a delivery, the email may seem perfectly well-timed…

…and, to help you out, there’ll be a web link or an attachment in the email that you can click or open to sort things out.

Even if the email doesn’t look quite right – for example, because it contains bad English, or mentions a courier company you don’t usually use – it’s still tempting to click through or open up the document, just in case.

After all, if the site turns out to be bogus, or the document to be fraudulent, you don’t have to take things any further.

Except that by then it could be too late.

Booby-trapped documents that infect your computer simply through opening them are an increasingly common weapon in the cybercrime armoury.

So too are web pages loaded with so-called exploit kits that fire off a sequence of attacks on your browser while you’re distracted by the rest of the page.

If in doubt, look up the courier company’s phone number yourself (don’t use the number in the email!) and give them a ring.

💡 LEARN MORE – The danger of booby-trapped Office attachments ►

💡 LEARN MORE – A real-world “courier delivery” scam that foisted malware on Mac users ►

💡 LEARN MORE – How exploit kits attack your browser ►

Images of Christmas tree and Advent calendar courtesy of Shutterstock.

Exit mobile version