Illicit postal service websites impersonating legitimate delivery firms have surged by 86% during the past month as cybercriminals look to exploit last-minute holiday shopping, Infosecurity Magazine reports.
Malicious texts or emails have been used by threat actors to send fake delivery alerts that include links meant to pilfer personal and financial information, according to NordVPN, which noted DHL to be the most spoofed package carrier, followed by the DPD Group and the U.S. Postal Service.
Additional findings revealed mounting financial losses associated with delivery scams. Individuals have been urged to not only refrain from clicking on tracking links in unwanted messages and thoroughly examine suspicious messages for modified domains but also immediately report such messages to their carriers or the Federal Trade Commission.
“Scammers are evolving at an unprecedented pace, using AI not just to automate attacks but to make them deeply convincing. With the holiday shopping season in full swing, consumers must remain vigilant against increasingly sophisticated phishing schemes targeting delivery services,” said NordVPN Chief Technology Officer Marijus Briedis.
