Phishing Courier Service Brands

Symantec has recently observed phishing websites spoofing courier service brands. There were primarily three brands targeted and fraudsters were attempting to steal customers’ login credentials.
So what’s in the login credentials of courier service brands that fraudsters can take advantage of? Couriers provide their customer with several online features upon registering with the brand’s legitimate website. The features help customers to track their shipments, make online payments for their orders, specify the address for delivery, and so on. If login credentials are stolen, fraudsters can benefit from these features because it may enable them to reroute valuable packages to any address they provide.

In one of the phishing sites, the page prompted the customer to update user details, purportedly because "the account had not been updated for a considerable time." The details that required updating included sensitive information such as login credentials, account name, account number, and billing address. When the requested information is entered, the page redirects to the legitimate website, which creates the illusion that the update is complete. If customers fall victim to these phishing sites, they may end up losing their customer identity with the courier, which would—at the very least—result in the failure of having their packages delivered to the recipients.
Some of these phishing sites were created unprofessionally, which can be noted from the fact that clicking on certain (continue reading...)