With the holidays coming soon, there’s a fair chance that you’re someone who is waiting for a package to be delivered. Phishers regularly try to take advantage by sending out phony package notification emails, hoping that someone will think it’s related to a delivery they’re expecting and click the link.
If you are expecting a package and want to check the status of the delivery, obtain tracking information from your order receipt or by logging into the site on which you made the order, and then go to the official site of the delivery provider to track your package. Do not use a link from an email to go to those sites if you’re not certain that the email is legitimate. Instead, use a bookmark for the site if you made one earlier, or carefully type the site’s address into your browser. Alternatively, for delivery providers you can use Amazon.ca’s reference page with links and phone numbers for delivery providers that they work with.
Now we’ll look at some examples of package phishes and how to spot them. Below is an example of a fake Canada Post email. There are quite a few signs that the email is not legitimate:
- In the subject line, there is a word choice error (malapropism) in “Delays excepted”
- The sender display name and address are very generic in that they don’t match a specific delivery provider
- The description of the shipment as being “from a webshop” is oddly vague
The link in this phish seems to be abusing a legitimate link scanning and redirect service to hide the true destination. That can make it tricky to determine where the link actually goes, but given the red flags above, you can reasonably conclude it’s not going to be the real Canada Post website.
Here’s an example of a fake UPS email. This one is better-crafted than the one above, but there are still some red flags you can spot:
- The sender email address is not from UPS (it appears to be from an unrelated Japanese site)
- Wonky formatting like the misaligned “Track This Parcel” button can be a sign the email is fake
Hovering over “Track This Parcel” will reveal a link to a site on s3.amazonaws.com. It’s worth noting that Amazon isn’t just an online marketplace. Amazon AWS is a major cloud computing provider, and phishers are known to abuse it to host phishing sites. If you see a link to a site on s3.amazonaws.com in an unsolicited email, be wary. Links from an Amazon order email are more likely to go to amazon.com or amazon.ca.