A new USPS Delivery Phishing Scam has surfaced, in which scammers are exploiting Freemium Dynamic DNS and SaaS Providers to steal victims' login credentials and other data.
Cybersecurity researchers at Bolster AI have uncovered a new USPS Delivery Phishing campaign that employs sophisticated techniques to target victims in the United States.
It comes as no surprise that cybercriminals are employing sophisticated techniques to exploit reputable services for scams, making it challenging for innocent consumers to enjoy the holiday shopping season.
This pattern is evident in the ongoing scam attack against Booking.com customers.
According to Bolster AI, an automated digital risk protection service, Walmart is a prime target in the USPS phishing attack this season because of the higher volume of shipping needs during November and December.
Bolster's CheckPhish has already discovered over 3,000 phishing domains mimicking Walmart.
The extensive phishing campaign mimics USPS, tricking consumers into thinking they have failed deliveries and late payments.
Threat actors have substantially improved their attack tactics, transitioning from deceptive/misleading messages to luring victims into downloading financial/banking data-stealing apps.
This domain mainly mimicked Walmart's domain name, served USPS delivery tracking-related content, and redirected to the authentic USPS portal to evade detection mechanisms.
Scammers distribute phishing links via email or SMS and use stolen data to lure victims into giving away sensitive banking data via social engineering techniques.
Once a victim's bank details are acquired, attackers can make purchases, transfer money, or gain other monetary benefits.
Phishing sites contain a site title such as USPS.com® - USPS Tracking® Results, and are designed to steal sensitive information like email addresses, names, phone numbers, residential addresses, and credit/debit card information.
These sites cleverly redirect hyperlinks to legitimate USPS websites and use IP location to evade detection.
In some instances, hackers utilized personal information stolen in this scam, such as email address, phone number, or name, and sent emails/phishing scams pretending to be the victim.
Some phishing sites may also display tracking details as per the victim's IP locations to appear authentic.
Bolster researchers noted that threat actors rely on these sites on pushed domains and exploit free hosting services.
Attackers also host phishing sites using available domain names on now-dns.com and forumz.
Threat actors are focusing more on SaaS services and using AI technology, social media phishing, and brand impersonation scams to steal/lure customers from profitable sectors, such as finance, healthcare, and government agencies.
This phishing campaign primarily targets USPS customers in the US, but you never know when attackers may decide to expand the scope of this scam.
Proactive measures to identify and remove pre-malicious domains either manually or through automated takedown services are crucial to retaining consumer trust.
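The traits reported above (the quoted USPS page title served from a non-USPS host, brand names in the hostname, hosting under a dynamic DNS provider) can be checked together when triaging crawled pages. The Python below is an added example, not code from Bolster or the original article; the suffix lists, reason labels and sample hostnames are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

LEGIT = ("usps.com", "walmart.com")  # the brands' own domains
DYNDNS = ("now-dns.com",)  # provider named in the article; extend locally
BRANDS = ("usps", "walmart")  # brands the article says are imitated
TITLE_MARKERS = ("usps.com", "usps tracking")  # from the title quoted in the article

class TitleParser(HTMLParser):
    in_title, text = False, ""  # per-instance state is set on first write
    def handle_starttag(self, tag, attrs):
        self.in_title = self.in_title or tag == "title"
    def handle_endtag(self, tag):
        self.in_title = self.in_title and tag != "title"
    def handle_data(self, data):
        self.text += data if self.in_title else ""

def under(host, suffix):
    # Compare on a label boundary so "usps.com.parcel.example" is not taken for usps.com.
    return host == suffix or host.endswith("." + suffix)

def triage(url, html):
    """Return the reasons a crawled page matches the lure traits named in the article."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if any(under(host, s) for s in LEGIT):
        return []
    parser = TitleParser()
    parser.feed(html)
    parser.close()
    title = parser.text.replace("\u00ae", "").lower()
    reasons = []
    if any(m in title for m in TITLE_MARKERS):
        reasons.append("usps-title-off-domain")
    if any(under(host, s) for s in DYNDNS):
        reasons.append("dynamic-dns-host")
    if any(b in host for b in BRANDS):
        reasons.append("brand-in-hostname")
    return reasons

# Constructed sample crawl records (hostnames are made up, not real indicators).
PAGE = "<html><head><title>USPS.com\u00ae - USPS Tracking\u00ae Results</title></head></html>"
SAMPLES = [
    ("https://walmart-usps-sample.now-dns.com/track", PAGE),
    ("https://www.usps.com/", PAGE),
    ("https://usps.com.parcel-sample.example/t", PAGE),
]
if __name__ == "__main__":
    for url, html in SAMPLES:
        print(url, triage(url, html))
```

A page that trips more than one reason is a stronger takedown candidate than a single hit, since a dynamic DNS hostname alone is common for benign uses.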
This Cyber News was published on www.hackread.com. Publication date: Tue, 05 Dec 2023 14:13:04 +0000