Delivery phishing scams are already on the rise ahead of Black Friday

News
By published

Last year was tough, but 2021 could be even tougher, experts warn

Email overload
(Image credit: Shutterstock)

The email domains of popular delivery companies in the UK are insufficiently protected against phishing, spoofing, and other forms of fraud, making them an ideal attack vector this Black Friday and the rest of the holiday season.

This is according to a new report from Tessian, which claims that things could get a lot worse than last year, due to various supply chain issues and poor security protocols.

According to the company, fraudsters could easily impersonate email domains of two-thirds (64%) of the top couriers. Of all the best global couriers, just a fifth (20%) have configured Domain-based Authentication, Reporting & Conformance (DMARC) to its strictest setting, allowing malicious actors to “directly impersonate” a courier’s domain. 

Impersonating delivery companies to try and trick people into giving away valuable personal information, such as passwords, is nothing new. This year, a third (33%) of UK’s consumers have already received such a phishing email, but Tessian believes these figures will “soar” during Black Friday and Christmas.

This time last year, the company detected 90,000 phishing attacks, more than three times the amount recorded in the weeks leading up to Black Friday. 

How to identify a phishing email

“Identifying the signs (of a phishing email) may not be as easy as you think if attackers are convincingly impersonating a delivery firm in their messages,” comments Tim Sadler, CEO for Tessian. “Therefore, it’s so important to question every message you receive and always think before you click.”

According to the experts, recipients should always be wary of typos and other spelling errors, as those are the first, and most common, red flag. Then, they should verify the sender’s identity, by making sure their name and email address match up, especially for consumers reading emails on a mobile device. Malicious actors will often spoof a brand name, hoping readers don’t take the time to inspect the email domain.

At the end of the day, most delivery companies and retailers have multiple communications channels open at all times. Consumers can do their due diligence by reaching out to the company directly, to confirm the authenticity of the message received. 

You should also check out our list of the best security keys out there today

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Concept art representing cybersecurity principles
Cybercriminals cashing in on holiday sales rush
A graphic showing someone on a tablet working through a supply chain.
How phishing attacks are hitting the supply chain – and how to fight back
Best email services: image of email with one unread message alert
Over 400 million unwanted and malicious emails were received by businesses in 2024
A man looking at a tablet with a brown Best Buy package on the desk in front of him
Huge Christmas data breach - 14 million shipping records leaked, putting shoppers at risk
A fish hook is lying across a computer keyboard, representing a phishing attack on a computer system
Everything you need to know about phishing
Paper craft illustration of a suspicious email that contains a snake
How to spot a phishing email
Latest in Security
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
Lock on Laptop Screen
Medusa ransomware is able to disable anti-malware tools, so be on your guard
An abstract image of digital security.
Fake file converters are stealing info, pushing ransomware, FBI warns
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Coinbase targeted after recent Github attacks
hacker.jpeg
Key trusted Microsoft platform exploited to enable malware, experts warn
IBM office logo
IBM to provide platform for flagship cyber skills programme for girls
Latest in News
Disney Plus logo with popcorn
You can finally tell Disney+ to stop bugging you about that terrible Marvel show you regret starting
Girl wearing Meta Quest 3 headset interacting with a jungle playset
Latest Meta Quest 3 software beta teases a major design overhaul and VR screen sharing – and I need these updates now
Philips Hue
Philips Hue might be working on a video doorbell, and according to a new report, we just got our first look at it
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
Hatch Restore 3 in Putty
You can finally start your day with The Office theme song, and I couldn't be more excited
Cassian Andor looking nervously over his shoulder in Andor season 2
New Andor season 2 trailer has got Star Wars fans asking the same question – and it includes an ominous call back to Rogue One's official teaser
More about security
An abstract image of digital security.

Fake file converters are stealing info, pushing ransomware, FBI warns
Microsoft

"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
The iPhone 16 Pro Max and Samsung Galaxy S25 Ultra

5 things I want from the iPhone 17 – or I’m out and back to Android
See more latest
Most Popular
Philips Hue
Philips Hue might be working on a video doorbell, and according to a new report, we just got our first look at it
SDUNITED AX835-025FF mini PC
This mini PC with the incredible Strix Halo APU is yet another sign AMD may have given up on big brands for bleeding edge tech
Disney Plus logo with popcorn
You can finally tell Disney+ to stop bugging you about that terrible Marvel show you regret starting
Girl wearing Meta Quest 3 headset interacting with a jungle playset
Latest Meta Quest 3 software beta teases a major design overhaul and VR screen sharing – and I need these updates now
Hatch Restore 3 in Putty
You can finally start your day with The Office theme song, and I couldn't be more excited
Dell Pro Max with GB300
HP and Dell's latest Nvidia powered PCs are likely to be some of the most expensive workstations ever launched
Shape of Russia filled with Russian flag-colored internet codes on a black hacking background
A new wave of blocks in Russia targets VPN apps and Cloudflare subnets
An abstract image of digital security.
Fake file converters are stealing info, pushing ransomware, FBI warns
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
Ncuti Gatwa as The Fifteenth Doctor in Doctor Who
Disney+ drops new trailer for Doctor Who season 2 that promises an epic adventure across time and space