That “missed delivery” notice may be a holiday scam

The holiday season may be merry and bright for Americans, but it’s also shaping up to be a plum time for scammers. 

One of their tricks is the “missed delivery” notice, which consumers may be especially prone to fall for, given that Americans are expected to ship more than 1 billion packages between Thanksgiving and Christmas this year. Even if you hadn’t expected a delivery, you may think a relative or friend has sent you a holiday gift and be more susceptible to letting down your guard when this scam comes your way.

The “missed delivery” ploy is a variation of a phishing scam, or when thieves pose as trusted authorities and ask their victims to supply information, ranging from their Social Security numbers to their credit card data. 

In this ripoff, scammers pretend to be delivery services such as FedEx (FDX) or UPS (UPS). In another variation, the swindlers pretend to be from Amazon (AMZN) and alert their victims that something in their order went wrong. The emails include a link that asks the victim for credit card or bank information, according to CBS station KDKA in Pittsburgh.

“It’s the classic phishing scam where you are being socially engineered,” said Amit Serper, principal security researcher at computer security company Cybereason. “They are getting better at making the fake websites look better. Some of them buy actual domain names that are similar. They can get Amazon with a zero instead of the “O,” and it looks legit.” 

With scammers on the prowl, consumers need to be vigilant during the holiday season. Be cautious before clicking on a link in an email, and never open an attachment that looks suspicious, Cybereason advised.

“Double- and triple-check anything,” Serper said. “Don’t click the link inside the email. Go to Amazon and try to check your order status from there” if you receive an email that says a problem occurred. 

Serper said he’s also noticing more fake sites offering supposedly heavily discounted items, such as cameras or laptops, but which are actually scams designed to convince consumers to divulge their credit card info. 

The “missed delivery’ scam has attracted the Federal Trade Commission’s attention, which noted that the emails often include a virus or malware. The bogus emails will ask you to download an attachment or click on a link, and may ask you to “re-confirm” personal or financial information. The FTC advises hovering your mouse over the link in the email to check the address.

Amazon also has information about detecting a phishing scam as well as a link for reporting swindles to the company. If emails purporting to come from the retailer have an ISP other than @amazon.com, it said, then it’s a fake.

Said Serper: “Just remain vigilant. That applies for the rest of the year.”