Fake shipping notices

In the ever-evolving landscape of cyber threats, phishing scams continue to be a formidable challenge for individuals and businesses. One particularly deceptive form of phishing is the use of fake shipping notices. These scams exploit the growing reliance on online shopping by impersonating trusted delivery services. Let’s delve into this technique to better understand how it operates and what steps can be taken to defend against it.

Typical Targets of Fake Shipping Notices

Fake shipping notice phishing campaigns typically target a broad spectrum of internet users, capitalizing on the universal appeal of receiving packages. The most common targets include:

  • Individual consumers, especially during peak shopping seasons like Black Friday and the holiday period
  • Employees in companies with high volumes of package deliveries, such as logistics or retail companies
  • E-commerce businesses that frequently communicate with shipping carriers

Tactics, Techniques, and Procedures (TTPs)

The Tactics, Techniques, and Procedures (TTPs) used in fake shipping notice schemes are varied and continually refined:

  • Spoofed Emails: Attackers often use spoofed email addresses that closely resemble legitimate courier companies like FedEx or UPS.
  • Subject Lines: Common subject lines might include “Your package is out for delivery” or “Shipping confirmation: Track your package now.”
  • Pretext: These emails often claim an issue with delivery, such as an incorrect address, urging the victim to click a link to rectify it.

A pretext in phishing is the fabricated scenario used by attackers to lure targets into falling for the scam.

Anatomy of Phishing Lures

The elements of a fake shipping notice are meticulously crafted to appear legitimate. They typically have the following characteristics:

  • Branding: Use of logos and branding similar to those of real courier services, often lifted from legitimate emails.
  • Urgent Language: The email may create a sense of urgency to act quickly, such as “Immediate action required!”
  • Links and Attachments: Hyperlinks masked as tracking numbers lead to phishing sites, or attachments claiming to be invoices initiate downloads containing malware.

Payloads and Credential Harvesting

Once a victim engages with the phishing lure, the attackers may deploy various payloads:

  • Credential Harvesting: A phishing site mimics a reputable courier’s login page, capturing login credentials of the victim.
  • Malware: Downloaded attachments can deliver malware, such as keyloggers or ransomware.
  • Account Takeover: Stolen credentials can facilitate account takeovers, leading to further exploitation.

Example of a phishing URL payload


http://example.com/track-shipment?orderid=123456789
Redirected to
http://phishingsite.com/fake-courier-login
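
The lure traits listed above (courier branding, urgent language, a link masked as a tracking number) can be checked mechanically when triaging a reported email. The following is an added example, not code from the original article. The COURIERS allowlist, the function names and the sample message are assumptions made for illustration, and the link target reuses the placeholder URL shown above.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allowlist: brand keyword -> domains that brand really uses.
COURIERS = {"fedex": {"fedex.com"}, "ups": {"ups.com"}}
URGENCY = re.compile(r"immediate action required|incorrect address", re.I)
SAMPLE = """From: FedEx Delivery <notice@fedex-parcel.example>
Subject: Your package is out for delivery

<p>Immediate action required!</p>
<a href="http://phishingsite.com/fake-courier-login">Track 123456789</a>
"""  # constructed sample message; the sender domain is made up

class Links(HTMLParser):  # collects (link host, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            host = urlparse(self._href).hostname or ""
            self.links.append((host, "".join(self._text).strip()))
            self._href = None

def on_domain(host, domains):  # exact match or subdomain of an allowed domain
    return any(host == d or host.endswith("." + d) for d in domains)

def triage(raw):
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    sender, body = addr.rpartition("@")[2].lower(), msg.get_payload()
    text = f"{name} {msg.get('Subject', '')} {body}".lower()
    brands = [b for b in COURIERS if re.search(rf"\b{b}\b", text)]  # brands claimed
    allowed = set().union(*(COURIERS[b] for b in brands))
    parser = Links()
    parser.feed(body)
    # A message that names a courier should only link to that courier's domains.
    findings = [f"link '{label}' points to {host}" for host, label in parser.links
                if brands and not on_domain(host, allowed)]
    if brands and not on_domain(sender, allowed):
        findings.insert(0, f"sender domain {sender} is not a {'/'.join(brands)} domain")
    return findings + (["urgent delivery pretext"] if URGENCY.search(text) else [])
```

Calling triage(SAMPLE) returns three findings: the mismatched sender domain, the masked link, and the urgent pretext. These are triage heuristics, so a message that returns no findings still needs normal handling.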

To safeguard against these types of attacks, it’s crucial to remain vigilant and maintain robust security measures. Regularly updated security software and awareness training can significantly reduce the risk of falling victim to such scams.

