Carding 4 Carders
Professional
- Messages
- 2,724
- Reaction score
- 1,588
- Points
- 113
An international phishing campaign causes problems for victims from different countries.
In recent weeks, the number of phishing attacks targeting customers of the U.S. Postal Service (USPS) has increased significantly. An investigation by KrebsOnSecurity revealed that the attackers organized an extensive smishing campaign (smishing) to steal personal and financial data, imitating the USPS website and postal services in at least 12 countries.
The KrebsOnSecurity resource reported a case when one of the users received an SMS, allegedly from the USPS, with a notification about a problem with a parcel addressed to him. Clicking on the link in the message led to the domain "usps. informedtrck [.] com".
The phishing site contains the USPS logo and a message stating that the parcel cannot be delivered due to an incorrect recipient address. The victim is asked to correct the data from the link. After clicking on the link, the user gets to a page where more information is requested.
The remaining links on the phishing page lead to the official USPS website. After collecting information about the address, the fake USPS site requires you to enter additional personal and financial data.
The phishing site's domain was registered recently, and its WHOIS records are almost nonexistent. However, analyzing the page using developer tools in browsers allows you to find evidence confirming the scale of the operation.
Detected links between links on phishing sites
Analysis of the domain showed a link to a number of other domains that mimic the USPS. All of them lead to sites specifically designed to steal user data. The investigation revealed that many of the malicious domains were registered through the platform Alibaba.com, and the specified place of registration — "Georgia, AL" does not actually exist.
A search of domains registered through Alibaba with the specified location revealed almost 300 recently created phishing sites that mimic the postal services of various countries, including Australia, Ireland, Spain, Costa Rica, Chile, Mexico, Italy, the Netherlands, Denmark, Norway, Sweden and Finland.
One of the incidents was an attempt at phishing through an imitation of the site "usps. receivepost [.] com", data from which was sent via a Telegram bot to the user "@chenlun", which offered for sale ready-made source code for creating phishing pages.
@chenlun profile with ad code
Experts focus on the danger of the threat, emphasizing the need to increase the level of education of users in the field of cybersecurity and introduce additional security measures on the part of postal services. It is important that customers are aware of potential threats and aware of the risks associated with processing personal information online. With the holiday shopping season looming, each of us must be vigilant to avoid possible financial losses and protect our confidential information from unauthorized access.
In recent weeks, the number of phishing attacks targeting customers of the U.S. Postal Service (USPS) has increased significantly. An investigation by KrebsOnSecurity revealed that the attackers organized an extensive smishing campaign (smishing) to steal personal and financial data, imitating the USPS website and postal services in at least 12 countries.
The KrebsOnSecurity resource reported a case when one of the users received an SMS, allegedly from the USPS, with a notification about a problem with a parcel addressed to him. Clicking on the link in the message led to the domain "usps. informedtrck [.] com".
The phishing site contains the USPS logo and a message stating that the parcel cannot be delivered due to an incorrect recipient address. The victim is asked to correct the data from the link. After clicking on the link, the user gets to a page where more information is requested.
The remaining links on the phishing page lead to the official USPS website. After collecting information about the address, the fake USPS site requires you to enter additional personal and financial data.
The phishing site's domain was registered recently, and its WHOIS records are almost nonexistent. However, analyzing the page using developer tools in browsers allows you to find evidence confirming the scale of the operation.
Detected links between links on phishing sites
Analysis of the domain showed a link to a number of other domains that mimic the USPS. All of them lead to sites specifically designed to steal user data. The investigation revealed that many of the malicious domains were registered through the platform Alibaba.com, and the specified place of registration — "Georgia, AL" does not actually exist.
A search of domains registered through Alibaba with the specified location revealed almost 300 recently created phishing sites that mimic the postal services of various countries, including Australia, Ireland, Spain, Costa Rica, Chile, Mexico, Italy, the Netherlands, Denmark, Norway, Sweden and Finland.
One of the incidents was an attempt at phishing through an imitation of the site "usps. receivepost [.] com", data from which was sent via a Telegram bot to the user "@chenlun", which offered for sale ready-made source code for creating phishing pages.
@chenlun profile with ad code
Experts focus on the danger of the threat, emphasizing the need to increase the level of education of users in the field of cybersecurity and introduce additional security measures on the part of postal services. It is important that customers are aware of potential threats and aware of the risks associated with processing personal information online. With the holiday shopping season looming, each of us must be vigilant to avoid possible financial losses and protect our confidential information from unauthorized access.
