The portal Zaufana Trzecia Strona warns its readers against a new phishing, which consists of sending false package delivery notification e-mail messages. A moment of inattention can lead to blocking access to the device.

According to the security experts, the scammers send fake e-mails with subject lines containing the text like:

- “Courier's visit date notification”
- “Package delivery notification”
- “Delivery failure notification”

The emails claim to be from one of the major delivery companies (FedEx, Geis, DPD or UPS) contain fraudulent information about an attempted package delivery. The emails then instruct the person to click on a link for more information regarding how and when to get their package delivered.

Clicking on the link can activate a ransomware-type virus (Vortex/Flotera), allowing the scammers to encrypt the personal information stored in the infected device. Afterwards, the scammers inform the victim that the access  to the data can be restored but only after paying suitable ransom.

The biggest problem for the unsuspecting consumers is that the scammers make the e-mails look almost identical to official notifications from the real courier companies. According to the Zaufana Trzecia Strona portal the scammers are using the official logos and even legitimate-looking e-mail addresses.

Cybercriminals use the pre-Christmas period in which the amount of items ordered by us is large. Therefore, even if you are expecting a package, do not click on any links in an email notification. Go to the delivery’s company website directly to get any delivery information.