Criminals are exploiting long-standing issues with global supply and delivery chains to trick victims into falling for identity theft scams, experts have warned.

A report from Kaspersky has urged people to be on their guard when opening and interacting with messages claiming to be from delivery firms - especially concerning online purchases.

But the company has also flagged a growing number of scams utilizing WhatsApp in order to defraud users out of money, as well as others pushing fake apps and online romance sites.

Delivery scams

Kaspersky says it has seen a significant rise in scams taking advantage of the huge growth in online deliveries spurred by the pandemic.

Increasingly localized campaigns see criminals send invoices in different languages asking for payment to cover customs duties or shipment. However, clicking on a link or attachment will take victims to a fake website, where their banking or card details are stolen.

Criminals have also reportedly begun running websites that claim to offer a lottery-esque scheme for the chance to buy parcels that could not reach the intended recipients. Such websites offering mystery packages take bids, but victims found that even if they "won" the prize, it never arrived.

“As in the past, we’re seeing attackers take advantage of new trends and disruptions to steal money and credentials, whether that’s a growing user of messengers or continued problem with mail delivery amidst a pandemic," notes Tatyana Shcherbakova, Senior Web Content Analyst at Kaspersky. 

"Spam and phishing schemes are still some of the most effective ways to launch successful attacks because they play on human emotion. The best thing users can do is be wary of any unexpected emails and be very careful about clicking on any email attachments or links—go to the website directly."

Elsewhere, a scam campaign that took advantage of WhatsApp's recent privacy policy change concerning sharing information with Facebook was also detected. Users were sent invites to take part in WhatsApp chats with “beautiful strangers” - but when they clicked on the link, were instead taken to a fake Facebook login page where their login information was stolen.

As usual, Kaspersky advises people to always checking any links in messages or emails before clicking, and install a comprehensive security solution to make sure you stay protected from the latest threats.

Techradar