Customers of well-known courier services are often targeted by cybercriminals. Sometimes the attackers try to get them to open malicious files attached to emails, under the pretext that the files are needed to verify transaction details, but lately Symantec has detected a number of phishing sites that spoof the websites of courier services.
With the pretext that the customer’s account hasn’t been updated for a considerable time, the site asks the customer to enter account details such as UserID and password, account name and number, and billing address.
You might think that this information isn’t really that sensitive, but it can definitely be misused: criminals can take over the customer’s identity with the service in question and, at a minimum, redirect valuable packages to another delivery address. Also, you might be one of those users who constantly recycle their passwords, so this password can be tried with various usernames on more important accounts (email, social network, PayPal, etc.).
Once users enter the requested credentials, they are redirected to the official website of the courier, making the illusion of legitimacy complete. Luckily for potential victims, these phishing websites are not very professionally executed, and certain links lead to error pages.
Another telling sign that this is a phishing page is the wrong URL: these sites are hosted on web hosting domains, compromised legitimate domains, or even IP domains (a raw IP address in place of a domain name).
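The URL check described above, written as a small triage function for mail gateways or proxy logs. This is an added example, not part of the original article; the courier domain, the hosting domains and the sample URLs are constructed placeholders, and `classify_login_url` is a hypothetical name.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumptions (constructed for this example, not taken from the article):
OFFICIAL_DOMAINS = {"courier.example"}                     # the courier's real domain
HOSTING_DOMAINS = {"freehost.example", "sites.example"}    # shared web-hosting domains


def _under(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)


def classify_login_url(url):
    """Classify where a page asking for courier credentials is hosted.

    Returns 'official', 'ip-host', 'web-hosting', 'other-domain' or 'invalid'.
    Anything except 'official' should not be receiving courier credentials.
    """
    # urlsplit strips userinfo, so "courier.example@203.0.113.7" yields the IP.
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    if not host:
        return "invalid"
    # Browsers also accept a plain decimal integer as an IPv4 address.
    if host.isdigit():
        return "ip-host"
    try:
        ipaddress.ip_address(host)      # dotted IPv4 or IPv6 literal
        return "ip-host"
    except ValueError:
        pass
    if any(_under(host, d) for d in OFFICIAL_DOMAINS):
        return "official"
    if any(_under(host, d) for d in HOSTING_DOMAINS):
        return "web-hosting"
    # Could be a compromised legitimate site; the URL alone cannot tell,
    # but it is still not the courier's own domain.
    return "other-domain"


if __name__ == "__main__":
    for u in ("https://www.courier.example/account",
              "http://203.0.113.7/courier/update.html",
              "http://courier.example.sites.example/login",
              "http://shop.smallbiz.example/wp-content/courier/"):
        print(f"{classify_login_url(u):13} {u}")
```

Matching on the end of the hostname, rather than searching for the brand name anywhere in the URL, is what keeps a host such as `courier.example.sites.example` from being treated as official.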