Other ways to search: Events Calendar | UTHSC

Cybersecurity – SCAM of the Week – Shipping and Delivery Phishing Emails


With in-person shopping still considered “high risk”, online shopping with home delivery and the need to meet delivery deadlines creates the perfect scenario for scammers.

U.S. consumers are projected to spend more this year online than ever before. And that means more prospective phishing victims as well. According to Check Point’s security researchers, there has been a 427% increase in shipping-themed phishing emails across the U.S. in November alone.

The breakdown of shipping vendors impersonated includes:

  • DHL (56%)
  • Amazon (37%)
  • Fedex (7%)

The emails, of course, use the story of some sort of delivery issue requiring the attention of the potential victim, asking them to click a link to fix a delivery error and view a status of a package.

The link will either download malicious content or direct victims to fake websites where they need to enter credentials.

While most of these appear to be consumer-focused, it’s completely within the realm of possibility for these same scams to be sent to our campus’ email accounts, as UTHSC is still sending and receiving packages. Best recommendation? Don’t use your UTHSC email address for any personal activities. Limit the use of that email address for UTHSC business only.

Also reported to abuse@uthsc.edu this past week (please note these all came from external email addresses):

  • [Ext] PROJECT –  “I have a proposal of 95 million EUR for your consideration” – file this under too good to be true.
  • [Ext] URGENT REQUEST: what number can I text you at? – variation of the gift card scam, wanting the UTHSC staff member to continue an urgent discussion via text.
  • [Ext] Helpdesk Action Requested Uthsc – looking like it comes from Microsoft Office 365, it offers a link to click on to keep your same password (which is against UTHSC policy).
  • [Ext] no subject –  “Are you free right now? I need you to do something for me.” Another gift card scam attempt.  Now do you see why we talk about it a lot?
  • [Ext] Daily delivery #-1037482 – looks like it is coming from eFax, the actual email address is from Puerto Rico.

Stay safe everyone, and remember to report anything suspicious to abuse@uthsc.edu or contact the Office of Cybersecurity at 901.448.1880 or itsecurity@uthsc.edu.