Fraudsters Impersonate USPS in Phishing Campaign to Steal Your Credit Card Data
August 12, 2021
Bitdefender Antispam Labs has intercepted a fraudulent United States Postal Service (USPS) phishing email that seeks to steal targets' personal and financial information under the pretext of missing delivery details and payment.
The scam email claims that a "package delivery is on hold" and recipients have only three business days to confirm payment or risk losing the package.
Interestingly, the "Confirm My Package" website redirects users to a bogus USPS landing page that tells a different story:
"Your package delivery has been stopped in transit due to several failed attempts to log into your account. Please fill this verification form so we can resume your delivery as soon as possible."
The fake website, which closely mimics an official USPS page, is used to harvest a information from victims, including:
- First and last name
- Phone number and email address
- Address and ZIP code
- Credit card information
This scam campaign was active for just one hour, hitting inboxes in the US, the UK and Ireland. Most of the fraudulent emails were sent from IP addresses in the UK and Germany.
Fake delivery emails are a highly popular scam among cyber thieves who continue to capitalize on the increased use of delivery services during COVID-19. Even though this campaign was short-lived, our researchers expect similar phishing campaigns to pop up in inboxes across the globe.
How to spot and protect against bogus delivery scams
It only takes a second of carelessness to fall victim to data thieves. You can avoid becoming another identity theft and fraud statistic by sticking to rules below:
- Never click on links or attachments you receive in unsolicited emails unless you can verify the validity of the sender or organization
- Look for grammar mistakes and inconsistences within the email body
- If you're not expecting a package, disregard any correspondence that states otherwise
- Check the email header and email address
- Go to the official website of the company by looking it up in your browser if you have any questions
- Report attempts at fraud to the company via official channels
- Never provide personal information or sensitive data via suspicious links you receive in unsolicited emails
- Install a security solution on all your devices to fend off fraud, malware and phishing attacks
tags
Author
Alina is a history buff passionate about cybersecurity and anything sci-fi, advocating Bitdefender technologies and solutions. She spends most of her time between her two feline friends and traveling.
View all postsRight now Top posts
Torrents with Pirated TV Shows Used to Push Lumma Stealer Malware
November 14, 2024
What Key Cyberthreats Do Small Businesses Face?
September 06, 2024
FOLLOW US ON SOCIAL MEDIA
You might also like
Bookmarks
