Symantec has recently observed phishing websites spoofing courier service brands. There were primarily three brands targeted and fraudsters were attempting to steal customers’ login credentials.
So what’s in the login credentials of courier service brands that fraudsters can take advantage of? Couriers provide their customer with several online features upon registering with the brand’s legitimate website. The features help customers to track their shipments, make online payments for their orders, specify the address for delivery, and so on. If login credentials are stolen, fraudsters can benefit from these features because it may enable them to reroute valuable packages to any address they provide.
In one of the phishing sites, the page prompted the customer to update user details, purportedly because "the account had not been updated for a considerable time." The details that required updating included sensitive information such as login credentials, account name, account number, and billing address. When the requested information is entered, the page redirects to the legitimate website, which creates the illusion that the update is complete. If customers fall victim to these phishing sites, they may end up losing their customer identity with the courier, which would—at the very least—result in the failure of having their packages delivered to the recipients.
Some of these phishing sites were created unprofessionally, which can be noted from the fact that clicking on certain links in the phishing page returned a “404 Page Not Found” error. Typically, such errors do not occur in legitimate websites.
Several kinds of domains were utilized in hosting the phishing sites. Some of them were Web hosting domains, some were compromised legitimate domains, and further were IP domains (IP-based URLs look like this: http://255.255.255.255/).
Internet users are advised to follow best practices to avoid phishing attacks. Here are some basic tips for avoiding online scams:
• Do not click on suspicious links in email messages.
• Check the URL of the website and make sure that it belongs to the brand.
• Type the domain name of your brand’s website directly into your browser’s address bar rather than following any link.
• Frequently update your security software, such as Norton Internet Security 2010, which protects you from online phishing.