The text, when it came, seemed genuine. A package that was due for delivery but needed a customs charge to be settled first; a link was included so you could pay in advance.
The website looked genuine too, with the proper logos and not a comma out of place. The only giveaway? The “customs charge” was supposedly for a package coming from the UK - which currently does not have any customs fees.
Another popular scam is to send a fake invoice purporting to be from an online retailer, such as Amazon, in an attempt to encourage people to log in and cancel the bogus order. When you “log in” through the fake website, the scammers capture your details and then use them to steal from your genuine account.
If you re-use those log in details on other websites, you are also at risk of having other accounts compromised.
The risk of falling victim to a scam of this type is heightened at this time of year, when online shopping ramps up and people may be less able to keep track of all the packages that are due to arrive.
There are some easy steps you can take to protect yourself though.
Be cynical
Even if the email seems genuine, look for any signs that it may not be as legitimate as it seems at first glance. Scammers are getting increasingly sophisticated but they do occasionally slip up.
For example, is the greeting on the email generic? Does the link look as it normally should? Are there any spelling mistakes or glaring grammatical errors that might give it away?
Don’t click the link
Regardless of how genuine an email appears, if you get an email or a text from a courier company asking you to click on the link to make a payment or log in to your account, don’t.
Go to the company’s website by typing the URL into the browser’s address bar and log in with your details.
In the case of the fake delivery and customs request, a quick trip to the genuine website would show that no such tracking number existed, revealing the scam. If it’s a fake order notification you’ve received, simply go to the website and check under your account, where you should find your order history.
Enable two-factor authentication
If you have an account that has two-factor authentication as an option, enable it.
Two-factor adds an extra layer of security to your accounts, so you not only need your password but also something like a randomly generated code sent to your phone, or a pop up on your other devices asking for permission to grant access to the account.
Scammers may get hold of your account details, but two-factor will stop them from getting further.
Keep your software up to date
If your device or apps have software updates pending, it’s a good idea to install them. While we are all a bit wary of buggy updates, leaving your software unpatched could leave you vulnerable to security risks.
If you are the type to forget about updates, set your security software and operating systems to update automatically, that way the new patches and updates will be punished to your phone automatically.