Phishing Email Scam: Shipping Notification

Phishing Email Breakdown 

This phishing email pretends to be a shipping notification, urging recipients to verify their address through a fake “secure” link. It creates a sense of urgency by warning that the package may be returned if no action is taken, tricking users into revealing personal information. 

Visual Example of the Phishing Email 

Full Text from the Phishing Attempt 

Urgent: Verify Your Shipping Address 

Action needed to avoid delivery issues with your recent package. 

Dear Valued Customer, 

We’re contacting you because our system encountered an issue while attempting to validate the shipping address associated with one of your recent orders. 

To ensure successful delivery, we kindly ask you to take a moment to review and confirm or update your shipping details via the secure link below. 

Verify Shipping Information 

Please update your information promptly. Failure to verify your address may result in your parcel being returned to the sender. 

For your security, please do not reply to this email with your address or personal details. Use the secure verification method provided above. 

Thank you for your quick attention to this matter. We want to ensure your order reaches you without delay. 

How to Protect Yourself? 

1. Verify the Sender: Always verify the identity of individuals claiming to be someone important, especially if the message seems out of the ordinary and asks for personal information. 
2. Avoid Clicking on Suspicious Links: Hover over or copy the link to view the complete domain name. Scammers often create URLs that resemble authentic ones by inserting subtle misspellings or extra characters. If the link looks suspicious, it’s safer to visit the official website directly or use a reputable search engine to find the correct webpage. 
3. Watch Out for Emotional Triggers: Phishing emails often use fear, sympathy, or urgency (e.g., “Your account will be closed immediately!”) to push users into acting without thinking. Pause, reevaluate the request, and confirm its legitimacy before responding. 
4. Be Mindful of Generic Greetings: Phishing emails commonly start messages with “Dear User” or “Dear Sir/Madam” rather than using your real name. Legitimate messages typically include your actual name or specific account details. 

Important Notes: 

1. Report Suspicious Messages: Reporting phishing attempts helps prevent others from falling victim to these attacks. Send suspicious messages to is-spam@mcmaster.ca for review and investigation. 
2. Educate Yourself: Learn about common phishing tactics. Consider participating in the Information Security Training Program to protect against cyber threats and secure your digital world.