‘Tis The Season For Gift Giving, and For Scams.

Each year, more people are skipping the lines at the malls and opting to order gifts online. With the increase in online ordering and package delivery, the door is open to phishing scams that use the brands of well-known delivery companies like UPS to get past our scam radar. The scammers are sending emails (called phishing) that appear to be from UPS to get victims to divulge financial or UPS account information. The emails can often look legitimate, using the official looking UPS logos and colors. Links in the email will typically install malware on your computer and take you to sites requesting account information.

Below are some examples of what a phishing email looks like:

Besides the link being invalid, the UPS logo is of poor quality and size and the wording is off.
Besides having an invalid link, the UPS logo is of poor quality and size.

 

 

 

 

 

 

 

 

 

 

Not only is there an invalid link, grammatical errors, but UPS will never invoice you.
Not only is there an invalid link and grammatical errors, but UPS will never send an invoice like this.

 

 

 

 

 

 

 

 

 

 

 

 

Notice the fraudulent return address, grammatical and language errors, and the link is not a UPS link.
Notice the fraudulent email return address (no_reply@outpost731.com), grammatical and language errors, and the link is not a UPS link.

 

 

 

 

 

 

 

 

Now that you know what they look like, here are some general tips for staying safe on email this holiday season:

  • Read the email carefully and look for any misspellings, grammatical errors, and out of character language (see example above).
  • Most email programs will display the destination domain for a link. Hover your mouse over the link and you should be able to see if it goes to a legitimate UPS.com or FedEx.com domain.
  • Each mail carrier has unique tracking numbers. For example, UPS tracking numbers always start with 1Z. If there is a tracking number provided in the email from UPS that does not start with 1Z, that is a good indication that the email is fraudulent.
  • No company should ask for your account information in an email or ask you to call a specific phone number regarding your account.
  • If in doubt, call the company directly at the phone number provided on their website.