In recent years, scammers have found a reef in communications related to packages not delivered by various messaging services. These fraudulent campaigns, which propagate mainly by email or SMS, intensify in periods of high online purchase activity, such as weeks before Christmas or during sales. It is crucial to be especially attentive to detect these deceptions and avoid falling into their traps.

Recently, a new campaign that uses the hook of the “delivery of the suspended package” to attract new victims has been observed. Although this time is not mentioned directly to any logistics company, the logo used could be associated with the GLS company. The email informs of an alleged suspended delivery of a package, without specifying the sender company or the content of the package. In addition, it includes a generic photo and a false monitoring code. The email sender does not seem to be associated with any known transport company, which should be a warning signal for users.

ESPEAFERS STRATEGY: «Delivery of the suspended package»

The creators of this campaign have not strive to give it a professional appearance, using generic messages and templates that only pretend that the user will pass through different sections to give credibility to deception. The user is presented with a series of screens explaining the alleged reasons why the package has not been delivered, the expenses that lead to it and a series of questions aimed at schedule a second installment. These screens are just a previous phase to prepare the user to enter the information that scams really look for: credit card data.

The ultimate goal is to steal the data of the credit cards of the users who, confident, provide them in the form prepared for that purpose. These data can be used to acquire goods and services in charge of the victim’s bank account or credit line. On this occasion, the domains used for the campaign show that the data is used to subscribe to users at a films and series streaming service for a cost of € 57.95 per month. In addition, on the websites where the steps are reported to receive the package, it is clarified that there is no link with the GLS transport company.

These types of strategies are frequently used by companies that operate in a gray area of ​​legality. They create striking hooks, such as the package that has not reached their destination, to attract users and get them to enter the data of their credit cards, subscribing to services that, otherwise, they would not have hired, either because not the They need or for their high cost.

Preventive measures

To avoid falling into these traps, from ESET they recommend:

  • It is important to carefully check all emails and SMS messages that we receive alerting a problem in sending a package
  • Check if they are really legitimate, for example, going to the trade website where the product was acquired and reviewing the order status
  • be attentive to warning signs, such as unknown senders, spelling and grammatical errors, and requests for personal or financial information