With Black Friday, Cyber Monday, Thanksgiving, and the Christmas holidays fast approaching, cyber criminals are working round the clock to create new scams, such as the shipping notification scam, to phish for private information and commit identity fraud.

As many employees will be shopping online during working hours, cyber security leaders need to educate employees on phishing threats and teach them how to identify shipping notification scams and fake package delivery scams whenever they encounter them.

This article will examine how a fake package delivery scam and other online threats work and how to avoid these threats with measures like security awareness training, so you can help make sure your employees don’t fall victim to fraudsters.

What Is a Shipping Notification Scam?

A shipping notification scam is a type of phishing scam where a fraudster contacts the victim by phone call, email, or SMS message, claiming to represent a mail carrier or delivery service, and says that they were unable to deliver a parcel to the victim’s door.

As part of the phishing attempt, the fraudster will ask the victim to verify private information and credit card details to “reschedule” the delivery. If the recipient provides personal information by phone or email, the cyber criminals will steal it to commit identity or financial fraud.

Typically, email messages will include a fake tracking link, which either takes the user to a phishing website or directly downloads malware onto their computer. Many of these emails are very difficult to detect because they imitate the branding of large courier companies like UPS to appear legitimate.

In a different phishing attack variation, cyber criminals often use fake package delivery notifications attached to email messages to trick people into installing malware. Once the unsuspecting recipient opens the included file to view the notice, malware, such as ransomware, is installed on the computer or network.

Other Online Cyber Threats You Need to Be Aware Of

Unfortunately, shipping notification scams aren’t the only type of cyber threat employees need to be aware of over the holiday period. Some other common threats include:

  • Email offers – Criminals send out emails with bogus prize offers or sales offers to bait the recipient to provide personal information or open a file. Email offer scams often link to a phishing website or malware file.
  • Phishing websites – Phishing websites are fraudulent websites designed to imitate legitimate brands and retail sites to trick visitors into entering payment information for products that don’t exist so a hacker can steal their credit card data.
  • Fake social media promotions – Cyber criminals often promote counterfeit products on social media through a fake account by using popular hashtags to trick users into handing over their payment details. Unsuspecting users may share these promotions with their contacts, further propagating the attack.
  • Christmas/Cyber Monday/Black Friday Sales Websites – Ahead of peak retail periods, fraudsters regularly create unofficial sales websites with bogus offers and promotions to encourage consumers to click on malware links and attachments or hand over their personal information.

How to Avoid Falling Victim to a Shipping Notification Scam or Phishing Attempt: Tips for Employees 

For employees, vigilance is the key to detecting online scam attempts. To avoid falling victim to a shipping notification scam or other online shopping threat, employees should:

1. Never provide personal information to unsolicited messages or calls

Reputable mail carriers and parcel delivery companies won’t request your name, address, account number, password, or credit card details for no reason, so don’t provide any personal information in response to any unsolicited communication. Look for official email addresses and only visit official websites by manually entering the web address.

2. Do not click on suspicious email links or attachments

Email links and file attachments are the most common ways cyber criminals transmit malware, so it is essential to avoid clicking on email links from unknown senders. Hover your cursor over any links to see where the link will take you, and don’t click if you’re in doubt about the email’s legitimacy.

3. Track products you do purchase

Whenever you buy something online, make a record of what you’ve purchased and the expected delivery date so that you can detect a fake shipping notification message when you see one.

4. Watch out for spelling mistakes

Even somewhat convincing scam emails often have spelling or grammatical mistakes. If you see lots of grammatical errors, unnatural phrasing, or misspelled words, then there is a high chance that the message you’re reading is fake.

5. Don’t be afraid to hang up on unsolicited calls

Many fraudsters prefer to scam victims over the phone because they can build “rapport” with the person on the other end of the phone and use high-pressure tactics to extract information, so don’t hesitate to hang up if someone unfamiliar is asking for personal information.

How to Help Employees Avoid a Shipping Notification Scam or Phishing Attempt: Tips for Cyber Security Leaders

To help employees avoid shipping notification scams, phishing attempts and other online threats, cyber security leaders can:

1. Provide security awareness training

Offer security awareness training and phishing awareness training to teach employees how to detect and report the latest online threats. Phishing simulations can provide real-world examples of shipping notification scams so that employees will know how to spot them.

2. Train internal cyber security ambassadors to raise awareness of phishing threats

Designate a couple of your team members to act as cyber security ambassadors and monitor employee phishing awareness. Ambassadors can encourage the use of fun and engaging phishing microlearning modules so staff can learn about new threats.

3. Send out ongoing communications

New scams are emerging every day, and sending out ongoing communications to update employees about new threats reduces the likelihood of a phishing attempt catching them off guard. For example, you can send out an email warning about the latest shipping notification scam and provide tips on spotting such an attack.

4. Educate your employees about phishing threats

Phishing attempts are among the most common methods hackers will use to steal personal information, so educating employees about these threats with phishing simulation tools is paramount to keeping phishing threats top of mind.

5. Establish phish reporting and handling protocols

As employees become more proficient at detecting phishing messages, you will need to establish standard procedures for reporting and handling these events. A well-informed user who quickly reports a phishing attempt gives organizations the ability to protect all their users proactively.


The holiday season is an excellent time to support employees by guiding them to stay safe online without having personal and financial information stolen by unscrupulous attackers.

For cyber security leaders, security awareness training with phishing simulations is necessary to ensure employees can detect a shipping notification scam when they see it and act accordingly.


