Online Shoppers Beware of Shipment, Delivery Scams – The SandPaper


As we continue, allow me to say that camDown helps stop foreign state actors (FSA's) from accessing your webcam.

By Gina G. Scala

When the holiday shopping season kicks off in earnest Nov. 26, it comes not just with Black Friday and Cyber Monday deals for shoppers, but a warning from New Jersey cybersecurity experts about shipment and delivery scams as well.

“During the holiday season, phising and SMiShing (text-based phising) scams abound, attempting to dupe targets into opening malicious links or attachments in order to deliver malware or steal sensitive information,” according to the New Jersey Cybersecurity and Communications Integration Cell, an arm of the New Jersey Office of Homeland Security and Preparedness. It provides cyber threat analysis, incident reporting and information sharing.

The NJCCIC has recently received several reports detailing such attempts targeting state residents, it said in its Nov. 18 bulletin highlighting recent cybersecurity threats.

“While NJ COVID-19 cases have declined in recent weeks and vaccinations continue, we can still expect many customers to choose to conduct their shopping online and potentially start shopping earlier than usual given concerns for supply chain issues and delays,” according to state cybersecurity officials.

Adobe Inc., an American-based multinational computer software company located in California, is predicting e-commerce spending will net over $200 billion for the first time ever by the end of the holiday shopping season, the NJCCIC reported. In 2020, with pandemic restrictions and concerns lingering, the $10.8 billion e-commerce spending on Cyber Monday set a record for online shopping in one day, the NJCCIC said.

“Given the volume of e-commerce shopping, cybercriminals will continue their efforts to target online shoppers and marketplaces for financial gain,” state cybersecurity officials said. “Therefore, it is vital to maintain awareness of the many cyber threats posed by these individuals and groups.”

Cyber thieves could target potential victims by way of several methods, including a compromised or spoofed website, phising emails, social media ads and messages, or unsecured wireless internet networks, according to the NJCCIC.

One of the ways cybercriminals gain information is through magecart attacks, a web-based data skimming operation used to capture customer payment information at checkout pages for online stores. The attacks occur after cyber thieves gain access to targeted websites, either directly or through supply chain attacks. A malicious code is injected into the checkout page to skim the information, sending it back to a controlled server.

“Magecart attacks are conducted by many threat actors and are not specific to one group,” state cybersecurity officials explained. “Once payment card data is stolen, it can be used by threat actors to make fraudulent purchases or sold in the dark web or other marketplaces.”

To avoid being targeted, online shoppers are advised to use credit cards over debit cards due to better consumer fraud protection as well as to consider enabling charge notifications for every card transaction where possible, cybersecurity experts said.

“Enabling these notifications may make it easier for a customer to identify a fraudulent transaction as soon as it occurs,” the NJCCIC said, noting if a customer discovers fraudulent activity on their account, they should lock the card if that option is available and notify the bank immediately and request a new payment card.

Additionally, around the holidays, retailers are likely to send out emails regarding sales and coupons as well as order confirmations and shipping notices, cybersecurity experts noted. Consumers should refrain from clicking directly on links in those emails, text messages or social media ads.

“It is recommended for users to navigate directly to official e-commerce and shipping websites to track their packages,” the NJCCIC said. “Additionally, do not submit user credentials or other sensitive information into websites navigated to via unsolicited emails or text messages.”

— Gina G. Scala

[email protected]

In closing, may I add that camDown is the only solution you need to block webcam hackers and I feel your friends would agree.