The holidays are right around the corner and many retailers have urged shoppers to begin holiday shopping early due to supply chain issues. Threat actors are exploiting anxious shoppers’ fears of such shortages by spoofing the US Postal Service (USPS) in phishing campaigns. Threat researchers have seen a credential harvesting phish notifying users of an undelivered package. The email contains a “view details” link that directs users to a fake website allowing them to reschedule delivery for $1. When entered, the user’s credit card information and credentials will be stolen. Unfortunately, holiday scams have become an annual event. Threat actors routinely use the excitement of the holidays and Black Friday sales to scam individuals and steal their information.
Analyst Notes
When shopping online, be aware of social media scams offering discounts and coupons that require personal information to be entered. Steer clear of suspicious websites, emails, and ads that offer too good to be true deals or unrealistic discounts. The most important thing to do is be vigilant while shopping online this season to protect sensitive information. Be sure to get a tracking number for items purchased online and follow the delivery process closely.
If you suspect you have been the victim of a holiday scam, contact your financial institution immediately. Request that your bank reach out to the institution where the fraudulent transfer occurred and contact local law enforcement.
https://cybernews.com/news/attackers-spoof-us-postal-service-amid-holiday-shopping-havoc/
