The holiday shopping season has brought with it a notable increase in cyber threats targeting consumers. According to recent data, there has been an 86% increase in malicious websites impersonating postal services in the last month. This trend underscores the growing risk for consumers awaiting delivery of their online purchases.
Cybercriminals are taking advantage of the seasonal increase in online shopping to send fraudulent messages that imitate legitimate delivery companies. These messages usually alert about supposed delays or suspensions of packages, with the aim of deceiving victims.
Fraudulent alerts arrive via text messages (smishing) or email. They include links designed to steal personal or financial information. Since buyers expect frequent updates on their deliveries, these scams are more likely to succeed during peak shipping periods.
The Most Impersonated Delivery Brands
Data released by NordVPN reveals that delivery service phishing is growing rapidly, although the scale varies by brand:
- DHL: It was the most impersonated transport company in general. Scam websites using your name increased by 206% month over month.
- DPD Group: Ranked second on the list of attacked delivery brands, with a more moderate 16% growth in fake sites linked to it.
- US Postal Service (USPS): Ranked third, but saw the sharpest acceleration, with an 850% increase in malicious websites imitating it in a single month.
Marijus Briedis, CTO of NordVPN, warns that scammers are evolving at an unprecedented pace. They use artificial intelligence not only to automate attacks, but also to make them “deeply compelling.”
The Impact of Smishing and Financial Losses
Text message-based delivery scams (smishing) are a major driver behind this trend. A NordVPN survey found that 38% of respondents had encountered delivery scams, many of which landed directly on their phones. Text messages often bypass spam filters and are opened quickly, increasing the possibility of impulsive clicks.
According to the US Federal Trade Commission (FTC), consumers lost $470 million to text message fraud in 2024, five times more than in 2020. Fake delivery notifications have become one of the most common and profitable scam formats during the holiday season.
A common tactic in recent messages is to claim that packages are being held due to unpaid tariffs or customs fees. This strategy relies on urgency and fear of missing deliveries to pressure recipients to click on malicious links.
Recommended Protection Strategies
NordVPN recommends several precautions to reduce exposure to these scams:
- Avoid clicking: Do not click on tracking links found in unsolicited texts or emails.
- Use official channels: Enter tracking numbers directly on the shipping company’s official websites or apps.
- Be cautious with urgent demands: Be wary of messages that demand immediate action or payment.
- Inspect sender details: Closely review sender details for altered domains or subtle spelling errors.
- Report Suspicions: Report suspicious messages directly to the carrier or relevant authorities (such as the FTC) instead of replying to the sender.
Tomas Sinicki, CEO of NordProtect, warns that being a victim of a fraudulent website not only means losing money, but also exposes the user to additional risks of fraud and extortion.
References
- NordVPN (research data cited in the article) *Federal Trade Commission (FTC) (data on financial losses from text message fraud) *Link to delivery scam article: Phishing Messages and Social Scams Flood Users Ahead of Christmas