Scam Alert: "Your Package Has Been Delivered" Email

If you are a regular reader of the ICS blog you are no stranger to the amount of threats out there but for new readers we must stress the importance of security awareness. All these threats have the potential to cripple your critical business resources. We have been seeing an influx of phishing scams making their rounds lately and most have come via email. The newest wave have been including malicious attachments in the disguise of business related invoices or past due bills. These have been fairly successful because this method entices the targeted user to open the attachment without thinking twice. They automatically assume its business related and therefore legitimate. Once the attachment is clicked, malware or ransomware infects the computer. This week’s newest threat falls right into this category.

The “Your Package Has Been Delivered” scam has been wreaking havoc this past week. This new phishing scam comes via email and informs the target that the package they sent for has been delivered. The curious end user then proceeds to click the attachment hoping they will see what has been delivered. A lot of users also click the link out of concern due the fact that they didn’t order anything thinking it’s a mistake. Once the attachment is clicked the ransomware is spread to everything it can get access to on the network and encrypts all important business data and holds it hostage until the demands are met.

It is very important that you always be suspicious of anything coming from a sender you don’t think you know. It is also possible for scammers to spoof legitimate email addresses. The safest method is to question everything that comes into your mailbox.
Recent attacks have started implementing deadlines for payment or you will not have the chance to get it back. Also, the more time you take to pay, the higher the demand becomes. The FBI has reported that last year victims suffered losses weighing in around $18 million and this is only what was reported. Since last year the amount of attacks have only risen. The scammers demand payment in bitcoin due to the fact that the currency cannot be traced. The average attack is said to start off asking for around $500 in payment, although bigger targets usually get larger ransoms.

The first and strongest line of defense against hackers and phishing scams is the employees themselves. Besides user awareness, you must make sure that you have up to date backups running on all your critical business data. It is also very important to have a solid Disaster Recovery Plan in the event of emergencies. For any questions or concerns please contact ICS to ensure that your business is prepared in the event of an attack or disaster.