Online shopping is more popular now than ever and, for some, is an absolute must during the holiday shopping season. You’ve heard the saying, “one man’s tragedy is another’s treasure.” Our predicament is a hacker’s dream. Due to the fact that the e-commerce market is flooded with online shoppers and everyone is racing to get their purchases in time for the holidays, cybercriminals are taking advantage of consumers by sending fake emails that appear as if they are coming from a trusted shipping company or retailer. According to cybersecurity company Check Point, there’s been an over 440% increase in shipping-related phishing emails over the past month. This is a numbers game for hackers—increased shopping volume means higher returns for them during this time of frenzy. Here’s what you need to know.

These phishing emails can look legitimate with logos and other brand images, and they will include a message with some type of seriousness, urging consumers to take immediate action. They might tell you there is a problem with the delivery, suggest you click a link for tracking or to address a problem, or they can even claim that additional payments are required to secure the item. Links are designed to steal your personal information such as name, address, credit card details, email address and password. Once this information is obtained, they have a couple different ways to exploit you.

  1. Use your financial and personal data to access other financial accounts
  2. Sell your information on the dark web to a host of other malicious buyers

Knowledge of just one password can be all a scammer needs to figure out your other passcodes to more sensitive accounts—this is if you use the same password or similar variations of it across multiple accounts. I would highly recommend being suspicious of emails about the delivery of your purchases, especially if they are using a fear tactic to get you to click a link. Instead, go directly to the shipping company or retailer website or call them if you believe the email might be legitimate.

While it might appear that this impacts individual consumers only, that simply is not the case. There are many employees working remotely and some folks have online shopping accounts tied to their work email addresses and, in some cases, use the same password. The combination of these factors leads to unnecessary risks to businesses. In the mind of a cybercriminal, access to corporate accounts is a much bigger catch and would be the ultimate win for them.

To protect yourself and your organization, consider security training for your business.  It’s a cost effective and practical way to ensure your people have the knowledge they need to fight against cybercrime and give you peace of mind.

If you’re not quite ready to take that step, a second-tier protection option is our FREE cyber security tip of the week emails.  We’ll send these byte-sized (IT pun, sorry), quick-read tips to your email inbox once a week. Every tip is packed with unique and up-to-date real-world solutions that keep you one step ahead of the bad guys. You can unsubscribe at any time if you decide the tips are not for you.

If you have any questions or we can assist you, please call LDD at (505) 792-2375 and ask for David Luft or visit our website at