
Alert - phishing investigation

We are constantly seeing new attempts by cyber gangs to get access to our information, payment information and credit card details. While the specific example in this scenario is a South African based courier, I have seen the same types of attacks in multiple geographies and they follow the same attack path. Jaiden has helped me run through this so we can share this with people out there to spread some awareness.

An initial message was received that there was an unpaid charge on a delivery. The courier company could not complete the delivery and the recipient needs to pay a nominal fee to have the delivery rescheduled. The criminals specifically use very low value amounts as they hope the psychology of the small value of the transaction will trick people into not thinking it is a risk. This message can be via email, message app or text/SMS.

Upon clicking the link in the initial mail, we are redirected to the following site, which uses the skin of the targeted courier company. Looking at the URL will immediately tell you this is not the place you expect to be directed to. Criminal gangs use compromised sites to host their pages, or create fake ones:

[Image: phishing investigation 1]
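The URL check described above can also be done mechanically, for example in a mail or SMS gateway filter. The following is an added example, not part of the original investigation; the domain `courier.example` and the names `OFFICIAL_DOMAINS`, `BRAND` and `check_link` are constructed placeholders, since the real courier's domains are not given here.

```python
from urllib.parse import urlsplit

# Constructed placeholders: substitute the courier's real, verified domains.
OFFICIAL_DOMAINS = {"courier.example"}
BRAND = "courier"  # hypothetical brand keyword to look for in lookalike hosts


def check_link(url):
    """Return (trusted, reasons) for a link in a message claiming to be from the courier."""
    reasons = []
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return False, ["URL cannot be parsed"]
    # .hostname is the host the browser will actually contact: it is lower-cased
    # and excludes any "user@" prefix and the port.
    host = (parts.hostname or "").rstrip(".")
    try:
        # Convert to the ASCII (punycode) form so a homoglyph host can never
        # compare equal to the genuine name.
        host = host.encode("idna").decode("ascii")
    except UnicodeError:
        reasons.append("host is not a valid domain name")
    if "@" in parts.netloc:
        reasons.append("userinfo before '@' hides the real host")
    if host.startswith("xn--") or ".xn--" in host:
        reasons.append("punycode host (possible homoglyph)")
    # Trusted only on an exact match or a true subdomain of an official domain.
    # Matching on the right-hand side is what defeats
    # "courier.example.something-else.test".
    if not any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS):
        reasons.append(f"host {host!r} is not an official courier domain")
        if BRAND in host:
            reasons.append("brand name used inside an unrelated domain")
    return (not reasons, reasons)


if __name__ == "__main__":
    # Constructed sample links, not taken from the investigated campaign.
    for link in ("https://www.courier.example/track?id=1",
                 "https://courier.example.delivery-fee.test/pay",
                 "https://courier.example@evil.test/",
                 "https://c\u043eurier.example/"):
        print(link, check_link(link))
```
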

This website then asks the user to complete a captcha (most likely in an attempt to lure them into a false sense of security and deter any automated scanners). Completing the captcha takes us to a payment portal mimicking that of PayU (a legitimate online payment service). This was a rather interesting choice.

[Image: phishing investigation 2]

[Image: phishing investigation 3]

Here you are asked to complete your payment information. At this point the cybercriminal would take your credit card details. We used fake details to continue on the journey.

When we entered fake credit card details (and a fake phone number) into this form, we were taken to a page asking for an OTP. This is likely how the cyber gang does automatic checking of OTP requirements on your card. It also goes a long way in keeping up appearances for the victim.

[Image: phishing investigation 4]

[Image: phishing investigation 5]

This scheme is quite convincing, and if you are not sure of the standard delivery processes of a courier, you could become a victim. Attackers use these elaborate methods to trick users, providing a false sense of security with the fake OTP and adding a level of urgency to complete the transaction. The result is that you have lost your credit card details, and they will be traded on the dark web.

Take care out there.

I hope that this was as interesting to read as it was to investigate!
