Tricky Phishing Emails Exploit Shopping Frenzy to Set Shipping Lures

Last updated September 25, 2021
Written by:
Bill Toulas
Bill Toulas
Infosec Writer

Malicious actors are doing everything possible to exploit the spending spree that characterizes this period, starting from November and going into the Christmas holiday season. It is estimated that consumers in the United States alone have spent $21.7 billion in online shopping during the first ten days of November, and the momentum continues.

Since all of the products bought online are shipped, and crooks are looking to exploit precisely that.

Source: CheckPoint

According to a report by CheckPoint researchers, there has been an explosion in the volume of shipping-related phishing emails in November. In numbers, we see a 440% increase, with Europe topping the list, and North America and APAC following right after.

In most cases, the phishing actors are mimicking DHL, while Amazon and FedEx are also impersonated heavily.

Source: Checkpoint

So, the actors are sending messages to random individuals informing them of a “delivery issue.” In many cases, they just send an email that supposedly contains a shipment tracking URL. Since there are a large number of clients actually waiting for packages right now, the actors have high rates of success in convincing the people to click on embedded buttons and links.

Source: Checkpoint
Source: Checkpoint

From there, the victims are taken to all kinds of malicious websites, from straight-out phishing forms that ask the visitors to enter their details, supposedly to help deliver the package to the right place this time, to malware-dropping web pages.

Source: Checkpoint

As always, there’s a number of ways you can protect yourself from these tricks, so here we go:



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: