Scammers are taking advantage of shopper’s last minute delivery panic with a surge in fake parcel delivery websites. Group-IB is reporting a 34% increase in such sites in just the first 10 days of December, over November. In one campaign alone, CERT-GIB detected 1,539 phishing websites impersonating postal operators and delivery companies, since the beginning of November. The campaign affects delivery services in 53 countries.
In a typical attack, scammers send SMS messages to victims, often disguised as “urgent” or “failed” delivery notifications. The messages mimic well-known postal services, prompting recipients to visit scam websites and leave their personal and payment details. These sites will use official names and logos, using typosquatted URLs to add legitimacy.
To avoid detection by researchers and law enforcement, the fake sites are only live for a few days and restrict access geolocation, device and operating system.
Emily Phelps, Director, Cyware had this comment:
“Unfortunately, opportunistic cybercriminals use timeless tactics to target unsuspecting consumers in the digital age – exploiting human behavior. During the holidays, we often see surging scams centered around common activities like online shopping and gift giving, creating a sense of urgency. So, if you receive a text or email that strikes panic, take a pause to consider if the message looks suspicious or legit. Haste makes waste and taking a moment to be sure it’s from a valid source can make you more secure.”
If you want an example of what one of these scams looks like, I did a breakdown on such a scam here. Please take a look at it so that you’re not caught off guard by one.
Pre-Christmas delivery Scam Sites Up 34% In December Alone
Posted in Commentary with tags Group-IB, Scam on December 21, 2023 by itnerdScammers are taking advantage of shopper’s last minute delivery panic with a surge in fake parcel delivery websites. Group-IB is reporting a 34% increase in such sites in just the first 10 days of December, over November. In one campaign alone, CERT-GIB detected 1,539 phishing websites impersonating postal operators and delivery companies, since the beginning of November. The campaign affects delivery services in 53 countries.
In a typical attack, scammers send SMS messages to victims, often disguised as “urgent” or “failed” delivery notifications. The messages mimic well-known postal services, prompting recipients to visit scam websites and leave their personal and payment details. These sites will use official names and logos, using typosquatted URLs to add legitimacy.
To avoid detection by researchers and law enforcement, the fake sites are only live for a few days and restrict access geolocation, device and operating system.
Emily Phelps, Director, Cyware had this comment:
“Unfortunately, opportunistic cybercriminals use timeless tactics to target unsuspecting consumers in the digital age – exploiting human behavior. During the holidays, we often see surging scams centered around common activities like online shopping and gift giving, creating a sense of urgency. So, if you receive a text or email that strikes panic, take a pause to consider if the message looks suspicious or legit. Haste makes waste and taking a moment to be sure it’s from a valid source can make you more secure.”
If you want an example of what one of these scams looks like, I did a breakdown on such a scam here. Please take a look at it so that you’re not caught off guard by one.
Leave a comment »