Many brick-and-mortar businesses were forced to close as a result of the coronavirus epidemic, causing UK consumers to turn to internet shopping in greater numbers than ever before. Even though many businesses have reopened, this trend has mostly persisted, since millions of customers have become accustomed to the convenience of internet purchasing.
With the rise in online shopping came a new trend of phishing attacks, in which hackers pose as parcel delivery firms to obtain financial information from their targets. Although Royal Mail and Hermes were formerly the brands most often impersonated in these sorts of attacks, the Post Office is currently the most commonly impersonated.
The attack usually begins with a text message informing the victim that they have missed a delivery. Occasionally, the messages state directly that the recipient must pay a modest fee to reschedule the delivery. The small surcharge is frequently enough to convince victims that the phishing site is authentic, or at the very least that the risk is modest, allowing the phisher to get the victim’s information and possibly steal a much greater sum.
Some texts use generic URL shorteners to direct targets to phishing sites, although this does not necessarily look suspicious to recipients, as URL shorteners are used in genuine text messages as well.
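The traits described above (a courier brand, a missed-delivery claim, a small fee, and a link that may use a URL shortener) can be combined into a triage score for incoming texts. The Python below is an added example, not code from the article or from Netcraft; the shortener list, fee ceiling, weights, threshold and sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Brands the article names as impersonated in these lures.
COURIER_BRANDS = ("royal mail", "hermes", "dpd", "post office", "parcelforce")
# Assumption: a small sample of generic shortener hosts; extend for real use.
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "t.co", "is.gd"}
MISSED = re.compile(
    r"\b(missed|could not be delivered|unable to deliver|redeliver\w*|reschedul\w*)\b",
    re.I)
FEE = re.compile(r"£\s?(\d+(?:\.\d{1,2})?)")
URL = re.compile(r"https?://\S+|\b(?:[a-z0-9-]+\.)+[a-z]{2,}/\S*", re.I)
FEE_CEILING = 5.00   # assumption: what counts as a "modest" fee
THRESHOLD = 4        # assumption: score at which a message goes to review
# A shortener alone scores low, because genuine texts use them too.
WEIGHTS = {"courier_brand": 1, "missed_delivery": 1, "small_fee": 2,
           "link": 1, "url_shortener": 1}

def triage_sms(text):
    """Score one SMS against the lure traits; return (score, sorted signals)."""
    hits = set()
    lower = text.lower()
    if any(brand in lower for brand in COURIER_BRANDS):
        hits.add("courier_brand")
    if MISSED.search(text):
        hits.add("missed_delivery")
    if any(0 < float(amount) <= FEE_CEILING for amount in FEE.findall(text)):
        hits.add("small_fee")
    for raw in URL.findall(text):
        hits.add("link")
        # Bare links such as "bit.ly/x" need a scheme before urlparse sees a host.
        host = urlparse(raw if "://" in raw else "http://" + raw).hostname or ""
        if host.removeprefix("www.") in SHORTENER_HOSTS:
            hits.add("url_shortener")
    return sum(WEIGHTS[h] for h in hits), sorted(hits)

def is_suspicious(text):
    return triage_sms(text)[0] >= THRESHOLD

# Constructed sample messages (not real lures; .test is a reserved TLD).
SAMPLES = [
    "Royal Mail: your parcel could not be delivered. Pay the £1.99 "
    "redelivery fee at https://redelivery.example.test/rm",
    "Post Office: we missed you today. Rebook here: bit.ly/EXAMPLE1",
    "Reminder: your dental check-up is at 10am. Details: https://tinyurl.com/EXAMPLE2",
    "DPD: your parcel will arrive today between 10:00 and 11:00.",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(is_suspicious(msg), *triage_sms(msg), sep=" | ")
```

The third sample shows why a shortener on its own is not treated as decisive: it only pushes a message over the threshold when it appears together with the delivery context.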
Most phishing tools used in these attacks try to avoid detection by blocking unwanted clients such as bots and anti-phishing organizations; however, Netcraft manages to get past these safeguards.
After impersonating the delivery firm, these phishing attacks go on to mimic one of many UK banks. This allows the thief to obtain other bank-specific credentials, such as online banking security codes and other tokens, which would be used to gain unauthorized access to the victim’s bank account. Sometimes, the victim receives a phone call from the attacker, who impersonates an employee of the respective bank. This is done to convince the victim of the legitimacy of the transaction.
Effectiveness Of The Attack
These attacks are very effective because users do not get to choose the delivery agent for the orders they place. As a result, any victim who has recently ordered something online might easily mistake an unsolicited text message about a parcel that could not be delivered for an expected one and fall prey to the attack, regardless of which delivery business the phishing site is impersonating.
The modest redelivery cost demanded in these attacks also reduces suspicion, boosting the chance of stealing the victim’s credit card or bank account information. Automatically recognizing and mimicking the victim’s bank, without ever directly asking the target which financial institution they use, further increases the chances of internet banking details being stolen.
New Brands Being Impersonated
The volume of parcel delivery frauds increased dramatically in the second part of last year, and the number continues to rise today. Cyber-criminals have been refining their strategies and focusing on easier-to-target businesses.
In July 2020, Royal Mail saw a modest rise in phishing attempts impersonating DPD, which was followed by a considerably bigger surge in phishing attacks impersonating DPD by the end of the year. By February 2021, Royal Mail had reclaimed its position as the most imitated brand, but this quickly faded as crooks shifted their focus to the courier firm Hermes.
Although the Post Office does not transport packages, it does offer postal services for Parcelforce and Royal Mail. These services are often used to send mail and parcels. However, if a parcel cannot be delivered to a customer, it can be left at a nearby Post Office for pickup, which makes impersonating the Post Office a feasible alternative to impersonating Royal Mail.
Furthermore, although the two organizations have been separate since 2012, many consumers still assume Royal Mail and the Post Office are fundamentally the same firm, so current phishing kits that spoof Royal Mail may be easily updated to impersonate the Post Office.
Installing Netcraft’s mobile apps can help protect consumers from phishing attacks, and brand owners can use Netcraft’s harmful site takedown and counterattack service to shut down phishing sites.