Using data from tens of millions of endpoints around the world, Check Point Research recently detected a significant increase of phishing emails - 440% since October - impersonating the world's largest shipping companies, such as DHL, Fedex and Amazon.
In Israel, Check Point noted a 103% increase between November and October, with 56% of the emails containing fake messages related to shipments by Amazon, 36% by DHL and 18% by Fedex.
On a global scale, DHL is the most popular brand in these phishing attacks; 56% of the total increase in November was due to impersonation, 37% of the increase mimics Amazon and 7% Fedex.
By region, the most significant increase in the number of phishing emails was in the US with an increase of 404% from October to November. Phishing emails aim to get consumers to enter their personal information on a fake website so that the hackers can steal the details (mainly credit card information) for their own gain. Phishing scams mimic all aspects of the online shopping experience, including ads about promotions, shopping sites and home deliveries.
To avoid falling into the trap of phishing scams, Idan Sharabi, director of damage and phishing research at Check Point, shared the following tips with online shoppers:
• Be suspicious about emails regarding deliveries. If you received an email requesting a password reset - do not click on the link. If necessary, it is best to reset a password from the original website of your shipping company.
• Check the source of the email (its address) and avoid clicking on links from sites whose address is not the official address. If you are unsure, reach the company website through your search engine (such as Google) and not through the email you received.
• Sites that look real are not necessarily real. Be on the lookout for spelling or punctuation errors in the site address or in the sender's name.
• Pay attention to the language in the email. Think about whether this is the language you have chosen to be spoken to by the shipping company, and in any case, look for spelling errors throughout the text. This is an indicative sign of phishing.
• Avoid reusing user and password information: Many of us use the same password on different sites, so a mistake we make in one place is enough to allow hackers to hack into many of our accounts.