Skip to main content

Phish of the Month: December

We're used to getting text messages and emails letting us know where our online shopping order is; when it shipped, what day it's due to arrive, if there are any delays. The holiday season is an optimal time for threat actors to take advantage of our distraction in the form of a shipping notification scam.  Here's an example of a recent text message:

image of fraudulent shipping text

How can you tell?

This scam message is using a few tools to encourage you to act:

  • generic information that they have part of (but not all of) your address
  • official-looking website link 
  • use of known acronyms (USPS)
  • urgency (must act within 12 hours)

However, note the 'mytrackingra' in the URL as well as the hotmail.com email address that the message came from; these are further indications that this message is fraudulent.

Don't act in haste! Take a few seconds to scrutinize these messages and look for these tactics before acting.

What should you do?
  • If you get a message about an unexpected package delivery that tells you to click on a link for some reason, don’t click.
  • If you think the message might be legitimate, contact the shipping company using a phone number or website you know is real. Don’t use the information in the message.
  • If you think it could be about something you recently ordered, go to the site where you bought the item and look up the shipping and delivery status there.
  • No matter the time of year, it always pays to protect your personal information. Check out these resources to help you weed out spam text messages, phishing emails, and unwanted calls.

If these come in the form of an email, mark them as phishing.  For Google Mail in the web client, please report these emails as phishing (instructions here: https://support.google.com/mail/answer/8253?hl=en). Alerting Google in this manner helps keep emails like these out of inboxes, as well as sending a notice to the OIT Security Operations team for further investigation.

Outlook user? Submit a Junk > Phishing report to mark these emails as dangerous.

You can read more about these holiday shipping scams at the FTC's website. As always, contact your local Service Desk if you need assistance!

UAA 

Report Security Issue
or call 907-786-4646

UAF & SW (OIT) 

Report Security Issue
or call 907-450-8300

UAS 

Report Security Issue
or call 907-796-6400