The IT Nerd

At this time of year, you’re likely ordering online to get every gift that’s on your list. Scammers know that and take advantage of that to try and scam you. Take this example:

This text message hit my phone last night. It comes from an Ottawa area number which is supposed to lull you into a false sense of security so that you don’t look at this too critically. That way you won’t question the fact that the website that they want you to go to isn’t one that belongs to Canada Post. That on top of the fact that Canada Post will never send you a text message unsolicited. Legitimate Canada Post SMS tracking or mail notifications and marketing communications will only show the sender as 272727 or 55555 and you have to sign up to get them. As for the website, it’s not canadapost-postescanada.ca. Thus this has scam written all over it and you should report it as junk. But because I investigate these scams, I’m going to do the things that you should not do and see what this scam is all about. Clicking on the link, which you should never do, gets me this:

So there’s a fake CAPTCHA that is meant to make you think that this is a real website. I will give the scammer bonus points for being to snag the IP address of the VPN connection that I was on as that adds to their attempt to fool you into thinking that this is real. I have to deduct points for the website not using SSL (Secure Socket Layer) to encrypt traffic evidenced by the “Not Secure” banner in the URL bar. No self respecting company in 2023 would ever have an website that didn’t use SSL. Thus if you somehow made it this far, you should be saying to yourself that this is a scam.

Going further into the website, you get this:

Now this is a really good copy of the Canada Post website. But it falls apart in several areas:

• The URL is not https://www.canadapost-postescanada.ca for starters. So that’s a #Fail right off the bat.
• There’s also no tracking number listed. That’s a #fail as well as any sort of package that Canada Post or any courier handles would have a tracking number.

Now if you click on “Reschedule Delivery”, here’s what you get (click to enlarge):

This is where it begins to become clear what the threat actors are up to. First they want to grab your personal info. And I know that because Canada Post would have no reason to ask you for your date of birth. When I entered fake info, I encountered logic that made you fill out certain items that reinforced the fact that the threat actors want your personal info. Likely to do some form of identity theft.

Once you fill in your info and click next, this is what you get (click to enlarge):

The threat actors want your credit card info as well. Likely to use it to buy a ton of stuff on someone else’s dime. But also to reinforce any attempt to steal your identity. I say that because a lot of places want your birthdate and your credit card along with a home address to run a quick credit check on you. So this threat actor could in theory use this info to take out anything from a cell phone to a loan.

Now this isn’t a new scam by any means. But it clearly isn’t going away as I suspect that the threat actors likely had some success with it. Plus as I said earlier, people are more likely to fall for it at this time of year. But you should not be one of those people. If you get one of these text messages, delete it and move on with your holiday activities.

This entry was posted on December 20, 2023 at 8:26 am and is filed under Commentary with tags Scam. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.