Check Point Research (CPR) researchers have been following a thorough, systematic operation in which threat actors are leveraging the entire ecosystem of shopping this season. From special offers, through designated shopping days such as Chinese singles day, Cyber Monday and Black Friday, all the way to the shipping and delivery process to try and trick victims into disclosing their personal details and use those details for financial theft and fraud.
In the report, CPR reveals that during the month of November 2020, the company's researchers noted a 440% increase in phishing emails that are impersonating internationally-known shipping companies such as DHL, Amazon & FedEx. Europe tops the phishing surge, followed by North America & APAC. Emails impersonating DHL made up 56% of the total volume of shipping-related phishing emails, followed by Amazon with 37%, and FedEx with 7% of total.
Unlike classic phishing emails that are designed to lure people into giving personal details, credit card info or bank account credentials, these emails impersonate shipping vendors with different versions of fake messages reporting delivery issues or tracking details to lure recipients into clicking and submitting credential information.