What the Tech? How to Avoid Shipping Scams

Amazon’s Prime Days sales events are the most anticipated shopping days of the year. Even bigger than Cyber Monday and Black Friday.

While shoppers get excited about Prime Days, so do scammers and if you placed any orders over the last couple of days, you’ll likely hear from cyber criminals trying to take advantage of your anticipation.

Shipping scams surge following shopping events and the bad guys are getting more creative at tricking customers into handing over their credit card information and passwords. Here’s how the scams work:

A shopper receives an email that looks similar to ones sent by UPS, Amazon and FedEx.

These messages even use the company logos and the return email address may include the name of the company. The email states that the shoppers order is being held at a facility or that it can not be delivered. There will be a link to what the email says goes to a website to track the package.

The FCC, Better Business Bureau, UPS, the USPS, and FedEx issued warnings about this scam that surges around Christmas and Amazon’s summer sales event.

By clicking the link, the scammers might install malware or ransomware on the shopper’s computer. The malware can hide for several weeks before installing itself. It may even run quietly so the shopper never notices until pop-ups begin appearing on their screen.

If it is ransomware, the kind that shut down the Colonial gas pipeline and other companies and entities, the scammer will ask for an amount of money in order to unencrypt the files that are being held hostage.

The FCC states that recently the scammers have begun using text messages to dupe customers into believing a package is delayed or being held in shipping.

While Google is great at catching suspected spam and ransomware messages in Gmail, text messages are another story. If a scammer gets your phone number they can send a text with a link, asking you to click it to claim or track your package.

What happens if you click on that link on a mobile device? Apple’s iPhones are very secure and will not (in most cases) install any programs that install malware. The links in text messages are phishing attacks. Tapping the phishing link might send you to a website or place a call where you’ll be asked to verify your Amazon account by telling them your username and password.

Of course if a scammer gets those two things they can purchase anything at Amazon using your account.

It is best to ignore any message you are not expecting. Amazon, Walmart, or Best Buy will not text you and ask to click on a link. If you want to track your package it is completely safe to do so on the Amazon or Walmart websites using your login information and tapping or clicking on “your orders”.

The FCC notes that these shopping and shipping scams target young people who do most of their shopping online.

Categories: News Video, What The Tech