FedEx and UPS phishing scams are becoming more common – here’s what you need to know
Cybersecurity researchers at Abnormal Security have warned of a new phishing campaign where the threat actors impersonated UPS and FedEx and attempted to steal people’s sensitive data and payment information.
This would not be unusual if the campaign did not involve an “impressive level of impersonation,” and if the emails being distributed were not “particularly convincing.”
In a detailed analysis posted on Abnormal’s blog, the company explained that at first glance, this phishing campaign isn’t much different from what we’ve seen so far. The attackers pose as the shipping companies and tell their victims that they have a package on its way or that it cannot be delivered.
The scammers then invite victims, via a link in the email, to quickly resolve the issue – by sharing their personal and payment details, and in some cases – even making small payments. Those who fall for the trick have their information stolen, which the attackers can then sell on the black market or use for more disruptive attacks.
Since payment details are also being stolen this time, there is a good chance that hackers will also empty the pockets of organizations around the world.
But this campaign is different because the attackers really went out of their way to convince their victims that they were trustworthy.
“Mock shipping notifications from the past often included minimal text, limited formatting, and little to no imitated branding, aside from perhaps a single logo,” the researchers explained. “In contrast, these campaigns contain a remarkable level of detail, integrating the impersonated carrier’s branding not only into the initial messages, but also into the multi-step phishing sites. Furthermore, the text of the emails is essentially flawless from a grammar, spelling and syntax perspective.”
Either the attackers have done their utmost, or they have found a new, “particularly sophisticated” phishing-as-a-service kit somewhere on the dark web. Only time will tell.