A new report from cybersecurity services company Group-IB Global Pvt. Ltd. is warning of a sharp increase in fake delivery sites in the weeks leading up to Christmas.

In the first 10 days of December, Group-IB’s Computer Emergency Response Team identified 587 fake postal resources, 34% higher than the last ten days of November. Since the beginning of November, CERT-GIB detected 1,539 phishing sites impersonating postal operators and delivery companies.

Interestingly, the detected sites are believed to be part of a single scam campaign. The scammers capitalize on the rush for last-minute gifts by sending SMS messages, often disguised as “urgent” or “failed” delivery notifications. The messages mimic well-known postal and delivery services, prompting the recipients to visit scam websites and leave their personal and payment details.

The timing of the rise of fake delivery scams is not surprising as scammers usually reach their peak in December, the busiest time of year for delivery companies due to the Holiday shopping season. The scammers were found to be creating hundreds of websites daily, mimicking legitimate sites.

According to the researchers, the highest volume of phishing resources were created on December 8, 2023, with fake sites targeting postal and delivery services in 53 countries. The most popular countries targeted by the phishing sites included Germany (17.5%), Poland (13.7%), Spain (12.5%), the U.K. (4.2%), Turkey (3.4%) and Singapore (3.1%).

The phishing pages being used in the campaign display the official names and logos of impersonated postal service providers and mimic their URLs. The scammers use several evasion techniques to ensure that authorities and cybersecurity researchers do not detect their rogue resources, including limiting access based on geographic locations and limiting fake websites to work on only certain devices and operating systems.

In one twist, perhaps suggesting that they know they risk being caught, the scammers were also observed to keep fake sites live for only a few days, making it challenging for security experts to investigate the scheme and traditional anti-scam solutions to detect it.

“With last-minute shopping and the desire to get parcels on time, people tend to be less cautious,” said Vladimir Kalugin, operations director (digital risk protection) at Group-IB. “Scammers exploit this sense of urgency by sending fake delivery notifications.”

Kalugin added that to prevent falling victim to such scams, users should verify sender details, search through official channels, treat messages as alerts, independently access official websites and be aware of the ongoing scams that are actively targeting potential victims.

Image: DALL-E 3