It’s shopping season, and more people are shopping online for convenience or to avoid large crowds. Many of us have packages delivered to our houses on a regular basis during the holidays and year-round, and scammers take advantage of this by engaging in parcel pickup scams.

What the scam looks like

A person posing as an employee of a postal services company sends you an email or calls your home telling you that you have a parcel that can’t be delivered. The emailer/caller claims that if you don’t collect your parcel within 30 days, it will be destroyed.

Says the Better Business Bureau, “If you don’t remember ordering anything that needs to be delivered, the caller may try to convince you the package is a gift from a friend or relative. The caller may sound friendly and professional, making the scam harder to spot. The email messages also look legitimate—containing official logos and using professional language.”

They’ll say they are happy to help you retrieve your package—but first, you need to print off a label to identify it.

But rather than printing a label, you’re actually downloading dangerous ransomware to your computer.

What is ransomware?

According to StopRansomware.gov, “Ransomware is a form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption.” It means that hackers are basically holding your computer hostage.

Once the files you’ve downloaded by clicking on a link are installed, scammers can use the ransomware to lock files on your computer and even destroy them. The only way you can take back control is to pay the scammers.

How can I protect myself from this and other malware scams?

In addition to tracking all packages so you know when legitimate ones will arrive, there are various steps you can take to protect yourself from parcel pickup and other scams. These include:

• Installing antivirus software on your computer, keeping it up to date, and regularly scanning your computer for any issues. You can either set your software to check automatically at regular intervals or do it manually.
• Making sure your computer is regularly backed up and installing software updates when prompted to help countereffect the impact of ransomware.
• Practicing good security habits in general, including making sure you have strong passwords, using multifactor authentication if available, logging in only through secure networks, and remaining suspicious of unsolicited emails.

Find more tips from the Cyberspace & Infrastructure Security Agency.