BEWARE – Shipping Emails

Did you order online?  Are you expecting an email on the status of the order or shipping information?  Who isn’t??

The hackers know this and during the Holiday Season, will be sending out high volume of emails made to look like emails from UPS, Fed-ex, US Mail Service, Amazon, etc.  These emails will try to have you 1) click on a link to check the status of your order or shipping details, or 2) run an attachment in the email.

The email link may “look” valid but the underlying link may send you to the hackers website.  For an example of this see my blog on “Fraudulent Links in Emails.  Never click on a link in an email if at all possible to avoid.

The second highly used tactic is to have you run the attachment in the email.  The attachment will most likely be a “ZIP” attachment.  This attachment will actually be a program that will be run on your computer.  Never open a “ZIP” attachment until you have had a knowledgeable IT person review that attachment.  The program you run may, without your knowledge, monitor your keystrokes and send your logins and passwords back to the hacker.  This will most likely lead to identity theft.  OR, the program may be a version of “Ransomware”.  The ransomware will encrypt the files on your computer and possibly business network, then require a monetary payment to un-encrypt your files.  This can become very expensive.

Sometimes the attachment may be a Microsoft Word document ending with “.doc” or “.docx”.  These Word documents will ask you to enable security content of the Microsoft Word program so it can run embedded “macro code”.  Basically, the code will, behind the scene, connect to a website and download the malware program.

The best way to protect yourself is to BE VIGILANT.  Ask yourself the question, am I “expecting” an email with attachment from that specific person?  Don’t assume an email from someone you know is valid.  That person may have malware on his/her PC that is sending to everyone in that person’s contact list.  The “expecting” is the critical part of the question you ask yourself.  If you are unsure, call that person to verify.

Always question the validity of emails concerning orders and shipping.  These hackers are professionals and they are trying to get into your wallet.  Be smarter and question the validity of each and every email.