Consumer advocates are warning about a scam that's targeting online holiday shoppers in Southern California.
Cyber criminals are sending fake emails that say shoppers have missed a package delivery, and urge them to click on a "package label" they can take to the delivery service to track their missing parcel.
Unfortunately, the "label" links embedded in these phony notifications actually download malware onto consumers' computers.
Top news of the day
"[The malware] can track your keystrokes," says Rigoberto Reyes, chief investigator for the Los Angeles Department of Consumer Affairs. "So next time you log onto your bank account, [hackers] could be capturing your password, your information, and then drain your account."
The fake emails appear authentic, as they bear logos from UPS, the U.S. Postal Service and FedEx.
So how can you tell if an online notification is legitimate or a scam?
Beware of any emails that urge you to click on a link or download an attachment.
More red flags: an email that insists on your immediate action, or asks you to "reconfirm" your personal or financial information.
Reyes suggests you avoid the threat by deleting any email about missed packages.
"There's one way to protect ourselves," he says. "[If your package hasn't arrived], why not simply call the delivery service directly? That would avoid a lot of headaches with identity theft, malware and any other issue that comes up when you click on those unwanted emails."