Hackers Targeting Grocery Store Delivery Emails

I’m pretty sure one of my neighbors hasn’t left the house since the start of the pandemic. They quarantine hard! But those delivery trucks show up like clockwork every day. Albertsons, Sprouts, Gelsons, Target…clearly this family is still eating well.

They aren’t alone. Grocery delivery services have surged during the COVID-19 quarantine. These delivery services help maintain social distancing, lower the number of shoppers in each store, and allow high-risk shoppers to safely buy items from home.

But as usual the bad guys have sniffed out a new opportunity to trick people. The popularity of these delivery services has caught their attention.  Hackers are now spoofing supermarkets that offer delivery services in hopes of stealing your personal information. Let’s not even talk about the despicable nature of targeting the people that are the most vulnerable.

It starts with a phishing email that urges you to log in to your supermarket’s website using the link provided. Clicking the link takes you to a fake login page for your local supermarket. The page asks you to select your email provider (Gmail, Apple, and so on) and then log in to connect your account.

Don’t fall for it!

Connecting your account actually delivers your email credentials to the bad guys.

Don’t forget to use proper email security measures:

• Never click on a link within an email that you weren’t expecting. Don’t be fooled just because you’re expecting a delivery. The crooks don’t have to know you are waiting for a delivery to get the timing right. Especially during the pandemic, they can simply assume you are and they’ll be right for a lot of people a lot of the time.
• Remember that email addresses can be spoofed. Even if the email appears to be from a familiar organization, it could be a phishing attempt.
• Check the URL in the address bar. These days, most cybercriminals are using HTTPS websites, because everyone expects a padlock in the address bar. But the padlock doesn’t say you are on the correct site, merely that you are on a site with an HTTPS certificate. Consider going to your laptop if you can, and checking out the link from there. It’s worth the extra trouble because the address bar is bigger and tells you more.
• When an email asks you to log in to an account or online service, log in to your account through your browser-not by clicking the link in the email. That way, you can ensure you’re logging into the real website and not a phony look-alike.

If you need assistance with cybersecurity services or employee security awareness training contact DarkHound at [email protected]. We would love to assist your business so you can stay cyber safe!

Source: Knowbe4

Image Source: https://www.pexels.com/photo/several-apples-beside-bread-pack-and-brown-paper-bag-1992912/