Business Columns & Blogs

Don’t be fooled by phony order-tracking or delivery-failure emails

I made it through Cyber Monday ordering only one item for a holiday gift. I’m still waiting for it to ship. When it does, I expect I’ll get an email telling me so, complete with tracking number.

Scammers know that many of us are waiting for that email. They are working to catch victims of their fake shipping-delivery notifications.

Here’s how this scam works: You receive an email that appears to be a shipping notification for a package. It may appear to be from a major retailer, perhaps one you’ve shopped at recently. You have been shopping online, and there’s always that relative who sends gifts directly from the store. So you figure it’s probably legitimate. Curious, you open the email and its attachment.

When you click on the attachment, you find that it isn’t a tracking notification after all. It’s really a virus that will download to your computer. Typically, these viruses phish for personal and banking information on your machine, but it’s possible they may be ransomware. Once downloaded, a ransomware virus will lock your computer and urge you to pay a ransom to the scammer to get it unlocked.

Like all scams, this one has many variations. Scammers have posed as FedEx, UPS, the U.S. Postal Service and big online retailers like Amazon. They also change their emails’ contents. A common variation is a fake delivery-failure notification. Scammers say the attached virus is the receipt you need to collect your package from the local office.

In another variation, you may not have to download an attachment, but you must click a link to “verify your order.” You are led to a phishing website that asks you to enter personal information to claim your package.

Avoid common email scams by following these tips from the Better Business Bureau:

Don’t believe what you see. Scammers make emails appear to come from a reputable source. Bad guys will impersonate email addresses, maybe inverting a letter or adding a punctuation mark. Keep in mind: Logos are easy to copy and paste.

Be wary of unexpected emails that contain links or attachments. As always, do not click on links or open the files in unfamiliar emails.

Beware of pop-ups. Some pop-ups are designed to look like they have originated from your computer. If you see a pop-up that looks like antivirus software but warns with an extreme level of urgency of a problem that needs to be fixed, it may be a scam.

Watch for poor grammar and spelling. Scam emails often are riddled with typos.

Immediate action is necessary. Scam emails try to get you to act before you think by creating a sense of urgency. Don’t fall for it.

Emily Valla,, is the Idaho marketplace director for the Better Business Bureau Northwest. To check a business or report a scam, go to or call (208) 342-4649.