Scammers are taking advantage of the last-minute rush to order Christmas gifts, with one threat intelligence vendor claiming to have seen a 34% increase in new phishing sites impersonating delivery services.
Group-IB said it identified 587 sites designed to look like legitimate postal operators and delivery companies in the first 10 days of December, up by a third on the previous 10 days.
Since the beginning of November, its CERT-GIB unit has detected 1539 such sites, with Germany (18%), Spain (13%), Poland (14%) and the UK (4%) the top locations.
However, these are all thought to belong to a single global campaign impacting postal brands in 53 countries.
Group-IB said victims typically receive a text message warning of an ‘urgent’ or ‘failed’ delivery which links to such sites. The recipient is then urged to leave their personal and payment details.
Read more on Christmas scams: UK FCA Warns of Christmas Loan Fee Fraud Surge
The sites typically use official names and logos and typosquatted URLs to add legitimacy, the vendor claimed.
To stay hidden from researchers and law enforcement, the scammers apparently also restrict access to such sites by geolocation, device and operating system, and ensure they are only live for a few days.
Group-IB operations director, Vladimir Kalugin, warned that last-minute shoppers are often less cautious when interacting with texts and potential scam sites.
“Scammers exploit this sense of urgency by sending fake delivery notifications. The high volume of packages being shipped during the holiday season makes it easier for scammers to hide among legitimate delivery services,” he added.
“We recommend users verify sender details, search through official channels cautiously due to scammers’ mimicry, treat messages as alerts, independently access official websites, and be aware of the ongoing schemes.”
Group-IB urged brand owners to use threat intelligence-backed services to monitor and block such campaigns before they have a chance to grow.