The holidays are right around the corner and many retailers have urged shoppers to begin holiday shopping early due to supply chain issues. Threat actors are exploiting anxious shoppers’ fears of such shortages by spoofing the US Postal Service (USPS) in phishing campaigns. Threat researchers have seen a credential harvesting phish notifying users of an undelivered package. The email contains a “view details” link that directs users to a fake website allowing them to reschedule delivery for $1. When entered, the user’s credit card information and credentials will be stolen. Unfortunately, holiday scams have become an annual event. Threat actors routinely use the excitement of the holidays and Black Friday sales to scam individuals and steal their information.
Headline-grabbing attacks such as Solarwinds, Kaseya, Colonial Pipeline, JBS Foods and the Log4j vulnerability kept