SPARTANBURG, S.C. (WSPA) — With more shoppers spending their cash with online retailers this year, tech experts are warning of the rise of delivery scams. According to Check Point Software Technologies, Ltd., the frequency of the crimes spiked 427% from October to November. The scam starts with phishing and could lead to thousands of dollars lost.

“I’ve seen the fake emails that have come out,” Tech After Five Founder Phil Yanov said. In the emails, scammers pretend to be companies like UPS, DHL, FedEx or Amazon, sending bogus “Track My Order” emails or lost shipment emails.

Interacting with the scams could lead confused users to enter financial, personal or other information, forfeiting priceless data to criminals.

To spot the scam emails, Check Point has six points of advice:

  1. Never share your credentials: Credential theft is a common goal of cyberattacks. Many people reuse the same usernames and passwords across many different accounts, so stealing the credentials for a single account is likely to give an attacker access to a number of the user’s online accounts. 
  2. Always be suspicious of password reset emails: If you receive an unsolicited password reset email, always visit the website directly (don’t click on embedded links) and change your password to something different on that site (and any other sites with the same password). 
  3. Verify you are using a URL from an authentic website: One way to do this is not to click on links in emails, and instead click on the link from the Google results page after searching for it.
  4. Beware of lookalike domains: Spelling errors in emails or websites, and unfamiliar email senders.
  5. Always note the language in the email: Social engineering techniques are designed to take advantage of human nature. This includes the fact that people are more likely to make mistakes when they are in a hurry and are inclined to follow the orders of people in positions of authority. Phishing attacks commonly use these techniques to convince their targets to ignore their potential suspicions about an email and click on a link or open an attachment.
  6. Watch for misspellings: Beware of misspellings or sites using a different top-level domain. For example, a .co instead of .com. Deals on these copycat sites may look just as attractive as on the real site, but this is how hackers fool consumers into giving up their data.

If an email seems suspicious, Yanov said, it probably is. His advice? Delete it.

“There’s nothing to be learned here,” he said. “I’m not going to outsmart some dude in another country sending out fake emails.”