A New Canada Post #Scam Is Making The Rounds

A reader of this blog tipped me off to this Canada Post scam that seems to be making the rounds. It starts with a text message:

Now the threat actor is hoping that your critical thinking won’t kick in because we’re in that time of year when everybody is having stuff shipped to them. Thus you will be more likely to click on the URL in the message instead of clicking on “Report Junk”. So let’s dive in by clicking on the URL, which, for the record, you should never, ever do:

Now this is a very good replication of the Canada Post website, except for the fact that the URL is not https://www.canadapost-postescanada.ca. The threat actors are hoping that you won’t notice that. There’s also no tracking number listed. That’s a #fail as well, as any sort of package that Canada Post or any courier handles would have a tracking number. Now if you click on “Reschedule Delivery”, here’s what you get:

And here’s where it begins to become clear what the threat actors are up to. First they want to snag your personal info. And I know that because Canada Post would have no reason to ask you for your date of birth. When I entered fake info, I encountered logic that made you fill out certain items that reinforced the fact that the threat actors want your personal info. Likely to do some form of identity theft. But they’re not done yet.

The threat actors want your credit card info as well. Likely to use it to buy a ton of stuff on someone else’s dime. But also to reinforce any attempt to steal your identity. I say that because a lot of places want your birthdate and your credit card along with a home address to run a quick credit check on you. So this threat actor could in theory use this info to take out anything from a cell phone to a loan. That’s pretty crafty.

Now if you’re wondering how Canada Post would contact you, here’s a quick primer. Legitimate Canada Post email notifications will only come from the email addresses below and only if you’ve opted into receiving tracking notifications or communications from Canada Post:

  • donotreply-nepasrepondre@notifications.canadapost-postescanada.ca
  • donotreply-nepasrepondre@communications.canadapost-postescanada.ca
  • bounce-renvoi@communications.canadapost-postescanada.ca
  • bounce-renvoi@notifications.canadapost-postescanada.ca

They will never send you a text message. Thus if you get something that isn’t from one of the email addresses above, and you haven’t signed up for tracking notifications, it’s likely a scam. Legitimate Canada Post SMS tracking or mail notifications and marketing communications will only show the sender as 272727 or 55555, and you will only get them if you have signed up to receive those notifications. Thus if you haven’t opted into getting these texts, it’s a scam.
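
An added example (not from the original post or from Canada Post) that turns the sender and URL checks above into a Python filter; a matching From address can still be forged, so it only flags mismatches. Assumptions: the function names are hypothetical, the sample message and `example.net` host are constructed, and the official site is taken to be https-only.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Sender addresses and SMS short codes exactly as listed in the post.
LEGIT_EMAIL_SENDERS = {
    "donotreply-nepasrepondre@notifications.canadapost-postescanada.ca",
    "donotreply-nepasrepondre@communications.canadapost-postescanada.ca",
    "bounce-renvoi@communications.canadapost-postescanada.ca",
    "bounce-renvoi@notifications.canadapost-postescanada.ca",
}
LEGIT_SMS_SENDERS = {"272727", "55555"}
OFFICIAL_DOMAIN = "canadapost-postescanada.ca"

def email_sender_is_listed(from_header: str) -> bool:
    """Compare only the address part; the display name is free text."""
    _, addr = parseaddr(from_header)
    return addr.strip().lower() in LEGIT_EMAIL_SENDERS

def sms_sender_is_listed(sender: str) -> bool:
    return sender.strip() in LEGIT_SMS_SENDERS

def url_is_official(url: str) -> bool:
    """Match the parsed hostname, never a substring of the whole URL."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:          # malformed URL: treat as not official
        return False
    if parts.scheme != "https":  # assumption: official site is https-only
        return False
    return host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN)

def triage(channel: str, sender: str, urls: list[str]) -> list[str]:
    """Return the checks a message fails (an empty list means none failed)."""
    reasons = []
    if channel == "email" and not email_sender_is_listed(sender):
        reasons.append("email sender is not one of the listed addresses")
    if channel == "sms" and not sms_sender_is_listed(sender):
        reasons.append("SMS sender is not 272727 or 55555")
    reasons += [f"link is not on {OFFICIAL_DOMAIN}: {u}"
                for u in urls if not url_is_official(u)]
    return reasons

# Constructed sample resembling the text message described in the post.
SAMPLE = ("sms", "+15555550123",
          ["https://canadapost-postescanada.ca.example.net/reschedule"])

if __name__ == "__main__":
    for reason in triage(*SAMPLE):
        print("FLAG:", reason)
```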

The holiday season is a prime time for scammers to operate. Thus you need to make sure that you check any email or text twice to make sure that you don’t fall victim to a scam.
