During periods of high e-commerce activity, such as Christmas, Black Friday or sales, a scam is particularly popular with cybercriminals: the parcel delivery scam.
To trick their victims, criminals take advantage of the fact that many people are waiting for packages to pretend to be delivery companies, such as La Poste, Colissimo, UPS or DHL. You receive an email or text message, containing a fake tracking number, telling you that your package could not be delivered and that you must pay a fee to reschedule delivery.
The goal ? Steal your personal information and banking data.
How to avoid phishing attempts?
#1. Do not click on links or attachments:
According to the General Directorate for Competition, Consumer Affairs and Fraud Prevention (DGCCRF), “before clicking on a dubious link, position your mouse cursor on this link (without clicking) which will then display the address to which it actually points in order to verify its plausibility”. If this option is not possible, do not click on any links or attachments!
#2. Check language level
Sometimes, received emails or SMS contain lots of spelling mistakes. Pay attention to capital letters, grammar or the writing of your name!
#3. Do not provide personal information:
According to the DGCCRF, sensitive information should never be communicated by e-mail or by telephone: “No administration or serious commercial company will ask you for your bank details or your passwords by e-mail or by telephone”. And even if an organization asks you for your personal information, it will go through a secure service. Do not get fooled !
#4. Verify Sender
If you are really expecting a package, check the sender: the official websites and email addresses of the various delivery services systematically contain the name of the package. For example, La Poste_Colissimo always sends its emails via these addresses: < [email protected] > or by < [email protected] >. Note that, for SMS, messages are sent by 38004.
But be careful all the same: by using the graphic codes of delivery companies, criminals sometimes only change one character in the address of a site to deceive their potential victims. So open your eyes!
#5. Contact the organization concerned
If, despite everything, you are afraid of missing out on a package, contact the organization concerned directly, via its official channels (telephone number, agency, etc.) to ensure the veracity of the email.
What to do if you are a victim of the delivery scam?
If you are the victim of a cyber malicious act or if you want to report a phishing attempt:
- Oppose immediately if you have communicated your banking information and contact your bank to get reimbursed;
- If you have communicated your password, modify it;
- If you clicked on an attachment or a link, update your antivirus and perform a full scan of your phone to check that it is not infected. If software has installed on your device, uninstall it immediately, then restart your phone;
- To report spam, contact the 33700 platform or the Signal Spam site;
- Report the address of the phishing site to the Phishing Initiative;
- File a complaint by providing all the evidence in your possession.
For further information, please visit the website https://www.cybermalveillance.gouv.fr/
LR