Here’s Your Friendly Holiday Reminder Not to Click on “Undelivered Package” Emails

Online shoppers, beware.

Paul J. Richards/AFP/Getty Images

Ever gotten an email that your package could not be delivered? A recent USA Today report warns online shoppers to think before they click. Holiday season is open season for hackers who send out these fake “undelivered package” emails to lure unsuspecting gift-givers to open attachments containing malware or ransomware.

IBM Security Vice President Caleb Barlow told USA Today that these fake package emails spike between Thanksgiving and shortly after Christmas. According to the report, common subject lines include:

We could not deliver your parcel, #00556030

Please Confirm Your DHL Shipment

Problem with item delivery, n.000834069

Delivery Receipt | Confirm Awb no;XXX830169

Your order is ready to be delivered

Courier was unable to deliver the parcel, ID00990381

Your DHL is here please download attachment to view detail and confirmation of your address

And in November, phishers launched a massive spam campaign to millions of email inboxes that said “Your Amazon.com order has dispatched,” USA Today reported. The emails contained a ZIP attachment that downloaded ransomware on the computer of any user who clicked it. These kinds of emails can contain either malware, that could give hackers access to users’ personal accounts, or the more dangerous ransomware, which “allows criminals to remotely lock up your computer.”

These spam emails are nothing new. FedEx, UPS, and the Federal Trade Commission all have pages on their sites to help customers identify these spam emails. According to a 2014 report from Snopes, the phishing emails often include attachments that appear as Microsoft Word documents but actually carry harmful viruses that could corrupt your computer.

So how can you protect yourself? Always verify the email address from the sender, never open attachments from senders you don’t know, and as a general rule, trust nothing and no one.