sb-as logo
Story image

Check Point warns of surge in phishing scams as hackers impersonate delivery vendors

There is a surge in email phishing campaigns targeted delivery vendors as hackers seek to take advantage of the holiday shopping season, according to new research from Check Point. 

Hackers are impersonating trusted delivery vendors, like Amazon, DHL and FedEx, to commit financial fraud. The emails are designed to trick recipients into disclosing their personal details by using message guises of “Delivery Issue” or “Track your Shipment”.

Hackers are timing these email phishing campaigns to coincide with the anticipation of package deliveries for online shoppers who made purchases during the holiday shopping season, where US consumers spent $9 billion online on Black Friday, up 21.6% on a year ago, according to Adobe Analytics.

According to Check Point, hackers are targeting both the before and after sides of the online purchasing experience. Two weeks ago, Check Point researchers documented an 80% increase in malicious phishing campaigns targeting online shoppers in the form of “special offers”, urging shoppers to be wary of “too good to be true” bargains found online. In fact, 1 out of every 826 emails delivered to users worldwide are malicious phishing emails, where the ratio at the beginning of October was 1 out of more than 11, marking a 13x increase.

400% European increase in shipping-related phishing

In the month of November, Check Point researchers documented a 400% European increase in shipping related phishing emails, compared to October. Emails impersonating DHL made up 56% of the total volume of shipping-related phishing emails, followed by Amazon at 37%, and FedEx at 7%.


Europe topped the list in terms of total number of phishing emails. The numbers grew over four times (401%) compared to October. 77%  of these emails in November were fake DHL mails.


In the US, the increase was similar (427%) comparing November to October. The leading impersonated brand was Amazon with 65% of all phishing emails impersonating different Amazon shipping related notifications. 

Asia Pacific (APAC)

APAC showed a more moderate, though significant, increase (185%) with DHL accumulating almost 65% of the total phishing emails.

“Hackers are going after the entire online shopping experience, before and after people have made purchases," says Check Point manager of data intelligence, Omer Dembinsky. 

"First, hackers will send “special offers” to peoples’ inboxes from their favourite brands. Then, hackers will send an email about the delivery of purchases, even if you bought from a trusted source," he explains.

"Now that Black Friday and Cyber Monday are over, we’re turning towards the other side of the equation, which is deliveries. Think twice as you open up any post-purchase emails this holiday season. 

"The email could be from a hacker. Take a closer look at any email that alleges they are from Amazon, DHL or FedEx. Watch for misspellings. Beware of Lookalike Domains. It’s clear to us that hackers are targeting online shoppers at every step of the online shopping experience, where the danger is very real before and after you make a purchase.”


Story image
CompTIA forms Cybersecurity Advisory Council, led by 16 security execs
The new body will be co-chaired by Tech Data director of security solutions Tracy Holtz, and Alvaka Networks chief operating officer and chief information security officer Kevin McDonald.More
Story image
Check Point exposes Android malware vendor using dark net to rebrand products
Check Point security researchers have exposed an Android malware vendor using a marketer on the dark net to rebrand its products, with the intention of supercharging business and throwing off security vendors. More
Story image
Red Hat to acquire Kubernetes-native security provider StackRox
Red Hat will further expand its security offering, adding StackRox's complementary capabilities to strengthen integrated security across its open hybrid cloud portfolio.More
Story image
Hornetsecurity acquires Altaro, the latest in acquisition spree
The move is a culmination of a medley of acquisitions made by Hornetsecurity recently, following the January 2019 acquisition of Spamina, a Spanish cloud email security company, as well as EveryCloud, its British market partner, in early 2020.More
Story image
Cybersecurity spending to increase following SolarWinds hacking
Hackers breached software provider SolarWinds, directly infecting the company’s Orion software as well as several local, state and federal agencies.More
Story image
Ensign and Cybereason expand security offerings with partnership
Partnership enables mutual customers throughout APAC to access managed detection and response capabilities.More