Experts warn that criminals are exploiting long-standing issues with global supply and delivery chains to trick victims into falling for identity theft scams.
A report from Kaspersky urged people to be on their guard when opening and interacting with messages claiming to be from delivery firms —especially concerning online purchases. The cybersecurity firm says it has seen a significant rise in scams taking advantage of the huge growth in online deliveries spurred by the Covid-19 pandemic.
Kaspersky also flagged a growing number of scams utilizing Facebook’s messaging platform; WhatsApp in order to defraud users out of money. Increasingly localized campaigns see criminals send invoices asking for payment to cover customs duties or shipment. However, clicking on a link or attachment will take victims to a fake website, where their banking or card details are stolen.
Criminals have also reportedly begun running websites that claim to offer a lottery-esque scheme for the chance to buy parcels that could not reach the intended recipients. Such websites offering mystery packages take bids, but victims found that even if they “won” the prize, it never arrived.
“We’re seeing attackers take advantage of new trends and disruptions to steal money and credentials, whether that’s a growing user of messengers or continued problem with mail delivery amidst the Covid-19 pandemic,” Tatyana Shcherbakova, Senior Web Content Analyst at Kaspersky, noted.
Shcherbakova adds that “Spam and phishing schemes are still some of the most effective ways to launch successful attacks because they play on human emotion.” He emphasized that the best thing users can do is be wary of any unexpected emails and be very careful about clicking on any email attachments or links—go to the website directly.
Elsewhere, a scam campaign that took advantage of WhatsApp’s recent privacy policy change concerning sharing information with Facebook was also detected. Users were sent invites to take part in WhatsApp chats with “beautiful strangers” —but on clicking the link, they were instead taken to a fake Facebook login page where their login information was stolen.
As usual, Kaspersky advises people to always check any links in messages or emails before clicking them adding that users can also install a comprehensive security solution to make sure they stay protected from threats.