An SMS telling you to pay 2 euros to validate a parcel delivery? Ignore it, it’s phishing.
At the beginning of December, you are surely waiting impatiently for the arrival of your Black Friday orders or your Christmas gifts. Cybercriminals know this, and they’ve come up with a recurring phishing scam that could almost be called “classic”: the postage scam.
Last week we warned you about the version impersonating the Post office. This time, the identity of the American delivery service UPS is used, following the same playbook. This phishing attempt, an SMS received by Cyberwar, is simple and well-worn, and above all the hackers have taken care over its layout. We followed the scam to the end in order to detail the tricks the hackers use and how to avoid them.
Oh no, my package could not be delivered
“”, we read at the opening of the SMS. Did a delivery man get impatient while we were at home? Not really: the message, which gives an order number made up of 14 letters and numbers, specifies that there is no “”. In other words, stamps are supposedly missing from the package, which would justify the non-delivery. Fortunately, the SMS offers us instructions and a link to click.
It is a link shortened using the bit.do service, so as to hide the address of the destination site. This trick is common, and was recently used in the fake government text message about TousAntiCovid. The problem: bit.do, like bitly, is also used in legitimate text messages sent by businesses that are simply looking to reduce the number of characters in their messages. Suffice it to say that users are used to receiving this kind of shortened link without necessarily being suspicious of it.
Used to spotting phishing, we take a closer look at the message. Besides the strangeness of the situation, the sender of the SMS appears to be a 06 number, which UPS would not use. Between the source of the message and the use of bit.do, we already smell the scam. But we click.
How well done this UPS site is, all the same
We are redirected to a web page in UPS colors. A message asks us to “follow our parcel”; we click. The page gives us the status of the alleged package: it is supposedly being held at the depot because of the “”. It offers to schedule delivery of this mysterious international package for the modest sum of 2 euros. It’s strange… And it is precisely at this moment that the scam is easiest to spot. If a message seems suspicious to you, there are surely good reasons: trust yourself. Rereading the message we had only skimmed, we spot many grammar mistakes and strangely placed words.
A quick glance at the URL of the site, which we had ignored until now, warns us: tracefr[.]processingupdates[.]club. We don’t know the UPS domain name by heart, but we can be sure this isn’t it. As we continue through the site’s validation process, the small telltale details multiply: the confirmation page, for example, displays a backwards “r” on the word “pay”.
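The three warning signs met so far (a mobile-number sender, a shortened link, a landing host that is not the brand's own domain) can be checked mechanically; this is an added example, not part of the original article. The shortener list, `ups.com` as the brand domain, and the sample sender and link path are assumptions, and the landing URL is assumed to have been obtained by expanding the short link in an isolated environment.

```python
import re
from urllib.parse import urlsplit

# Assumptions for this example, not taken from the article:
SHORTENERS = {"bit.do", "bit.ly"}                  # shortener hosts to flag
BRAND_DOMAINS = {"ups": {"ups.com"}}               # official domain per brand
FR_MOBILE = re.compile(r"^(?:\+33|0)[67]\d{8}$")   # French mobile number


def host_of(url):
    """Lower-cased hostname of a URL; accepts defanged '[.]' notation."""
    url = url.replace("[.]", ".")
    if "://" not in url:
        url = "http://" + url
    # urlsplit drops any 'user@' prefix, so 'ups.com@evil.example' -> evil.example
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def under_domain(host, domain):
    """True only for the domain itself or a real subdomain (label match)."""
    return host == domain or host.endswith("." + domain)


def triage(sender, sms_link, landing_url, brand):
    """Return the warning signs for an SMS that claims to come from `brand`."""
    signs = []
    if FR_MOBILE.match(sender.replace(" ", "")):
        signs.append("sender-is-mobile-number")
    if host_of(sms_link) in SHORTENERS:
        signs.append("shortened-link")
    landing = host_of(landing_url)
    if not any(under_domain(landing, d) for d in BRAND_DOMAINS[brand]):
        signs.append("landing-host-not-brand:" + landing)
    return signs


if __name__ == "__main__":
    # Constructed sample: placeholder sender and link path; the landing
    # host is the one quoted in the article.
    for sign in triage("06 00 00 00 00", "https://bit.do/EXAMPLE",
                       "tracefr[.]processingupdates[.]club", "ups"):
        print(sign)
```

The suffix comparison works on whole labels, so a host such as `ups.com.track.example` is not accepted as belonging to `ups.com`.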
What do you mean, 256 GB? I was there for a delivery
After accepting the idea of paying incidental customs fees, we are sent to a payment form. It asks for the usual information: name, address, email… But two details seem suspicious. First, the URL is even more suspicious. Then, above the form, it says “256 GB” and “Graphite”. A storage capacity, and a color…
As we scroll down the page we realize that we are on a fake iPhone 12 sales page. We should have abandoned the scam at the very beginning, and it doesn’t take much more for us to drop out of its scenario. The hackers are likely seeking to recover personal data and banking information, which they can resell or use for their own profit. Unless the scam is just about charging for a bogus product or service.
In any case, it has nothing to do with a package. What to take away from this little adventure? Ask yourself questions at the slightest suspicion, and take your time. No matter how crude the phishing path is, anyone in a rush can get caught in a phishing trap.