top of page

Attack Spotlight: Fraudulent Shipping Notifications

Updated: Nov 7, 2019


Our latest Attack Spotlight—now available—covers the trending threat of shipping-themed phishing emails. Share these free security awareness materials to help your end users stay safer this holiday season (and year round). 

Defend Against

The Proofpoint global intelligence platform analyzes billions of data points a day to deliver unmatched visibility into attack patterns and methods. In September, we saw an uptick in attackers’ use of fraudulent shipping alerts. And we know that, historically, these types of attacks escalate sharply in November and December.

Many malicious notifications mimic messages from operators like UPS, FedEx, DHL, and USPS. Recent campaigns have been targeting several industries, including the following:

* Manufacturing

* Technology

* Healthcare

* Retail

* Construction

Attackers often use fraudulent shipping emails to spread malware. But these phishing attacks can also compromise account credentials and steal money from unsuspecting recipients.

Warn Employees About Fraudulent Shipping Notifications

Organizations and consumers regularly receive valid shipping alerts. This familiarity makes it harder for people to spot messages that imitate well-known brands. That’s why we advise you to raise awareness of these types of attacks now, ahead of the busy holiday shopping (and shipping) season.

It’s critical for users to understand the methods attackers are using. Our latest Attack Spotlight provides a real-world example of a fraudulent shipping notification. It also informs users of the ways attackers try to fool them, including the following:

* Sending phony tracking numbers

* Saying a package could not be delivered because nobody could sign for it

* Requesting additional postage so a package can be delivered

* Warning that a package has been held because of an invalid address

* Attaching files that appear to be invoices or claim forms

20 views0 comments


bottom of page