Lucas Pieper

Blog

  • The “Undeliverable Package” Scam

    With so much done online these days, hoaxes and scams are getting out of hand.  All too often, a scam e-mail gets sent to your inbox that seems to be legitimate. The other day, I almost fell prey to a “fake package delivery” scam.

    How It Got Into My Inbox

    One day, I received an email saying I had an “undeliverable” package due to address complications. Luckily for them, I had been expecting a package that week. The email had the legitimate company’s logo and colors. It sounded official, had a message stating “we will return the package if we do not receive updated delivery information within 24 hours” and a link for me to “provide updated delivery information.”

    What The Scammers Are Trying to Accomplish

    The scammers were looking for personal identifying information – name, address, date of birth, even credit card information for the hypothetical $6 re-delivery fee. Essentially, they wanted enough materials to:

    1. Steal my identity
    2. Use my credit card

    Scams like these work because:

    They induce panic and they appear real. They cause you to “click” before thinking it through.

    Honestly, had I not been sitting at my computer working with my friends, the scam probably would have worked.

    How They Tried To Trick Me

    They used every trick in the book:

    1. Branding that looked perfectly fine (logo, color coordination, formatting – everything was on par)
    2. Urgency (“You must act NOW or your package will be returned!”)
    3. Timing (They got lucky – I WAS expecting a package!)
    4. A URL that looked almost legitimate – enough for someone who wasn’t checking closely.

    It was very well done.

    How I Knew Something Was Wrong

    Because of their excellently executed attempt to fool me, I had to take a step back and re-evaluate. Here is how I knew something was off:

    1. The sender’s gmail account was not a formal sender from the company.
    2. The preview of the link sent me to somewhere other than the legitimate website in question.
    3. There were grammatical errors.
    4. The company has NEVER contacted me this way before.

    Questions To Ask To See If An Email Is Legitimate

    If you ever receive something suspicious that sounds urgent, try these steps to verify legitimacy:

    1. Check the email address – not just the sender’s name. If it’s a Yahoo or Gmail account, red flag!

    2. Hover over the link beforehand. Where does the link really go? If it looks fishy, don’t click.

    3. Check for poor grammar. It sounds funny, but scammers always use odd spacing and word choices which gives them away.

    4. Assess whether or not this is something you were actually expecting. No – you did NOT win a contest you never entered!

    5. Go to the source. If a company says you owe something, go to their actual website instead of risking clicking anything.

    6. Enable two-factor authentication. Even if something leaks and your password gets out, this may save your account.

    Conclusion

    Scams work because they prey on fear, emotion and convenience. Sometimes all it takes is a second to slow down to spot clues that it may be a scam. Hopefully if someone gets a spam message one day, they’ll know better before clicking based on this information!