Abnormal shows how a credit card phishing scam masqueraded as USPS


With holiday delivery times rapidly approaching and online orders continuing to pour in, courier services are under increasing pressure from anxious consumers. This increase in shipping demand has made Amazon, USPS, UPS and FedEx targets of increasing identity theft attacks targeting their unsuspecting customers.

In this attack, attackers masquerade as a USPS package tracking page to steal credit card credentials.

Credit card phishing attack

This attack mimics a U.S. Postal Service delivery notification email, informing the recipient that their package cannot be delivered until payment is confirmed. Although the email appears to be from “USPS” and features the official USPS logo, the actual sender is different.

The email prompts the recipient to confirm their package by clicking on a link, which takes them to a fake USPS tracking site that claims additional shipping charges must be paid to ensure delivery of the package. This page asks for payment details to fulfill this charge, setting up a trap for the recipient to disclose sensitive credit card information to the crooks.

Victim scam attempts

Ironically, the email includes a banner that says “*** This email is from an external source. Only open links and attachments from a trusted sender. ***”, showing how far attackers will go to deceive unsuspecting victims.

The malicious link, hidden under the “Confirm My Package” hypertext, redirects to a phishing site masquerading as a USPS package tracking page. The landing page contains a fake tracking number for the recipient’s supposed package and prompts them to enter their credit card information.

If submitted, these payment credentials are sent directly to attackers as part of a successful payment fraud scheme. If recipients fall into the trap of this attack, fraudsters can use their credit card information to make unauthorized transactions.

Why the credit card phishing attack works

This attack creates legitimacy through the use of USPS logos in emails and landing pages. The landing page, in addition to a section for payment details, includes a fake tracking number, links to actual USPS web pages, and even a checkbox for the recipient to indicate that they have accepted the USPS privacy policy.

These details contribute to the apparent authenticity of this scam, increasing the likelihood that a recipient will overlook the suspicious link and fall for the trap. Additionally, the email creates a sense of urgency by stating that payment confirmation must be completed within three days, otherwise it will expire and their package will not be delivered.

Strategically timed before the holidays, the goal is to motivate the recipient to act quickly so that they receive their important packages on time. It also comes at a time when consumers are expecting an increase in the number of packages and are receiving delivery notification emails.

Rise in email identity theft scams

Abnormal stopped this email because of the unusual sender, the suspicious link, and failed email authentication, a clear indicator that the email is malicious. Additionally, the email contains a financial request, which the USPS generally does not send, indicating that it may be fraudulent.
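The four signals named above can be checked mechanically. The following is an added example, not Abnormal's detection logic: the sample message is constructed, its domains are reserved example domains, and treating `usps.com` as the brand's only legitimate domain is an assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

BRAND, BRAND_DOMAIN = "usps", "usps.com"  # assumption: brand's legitimate domain
AUTH_FAIL = re.compile(r"\b(spf|dkim|dmarc)=fail\b", re.I)
HREF = re.compile(r'<a\s[^>]*href="([^"]+)"', re.I)
MONEY = re.compile(r"\b(payment|credit card|shipping (?:fee|charge)s?)\b", re.I)

def on_domain(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def signals(raw):
    """Return the set of signals from the article that this message trips."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    body = msg.get_payload()
    found = set()
    # Display name claims the brand but the address is on another domain.
    if BRAND in name.lower() and not on_domain(addr.rpartition("@")[2], BRAND_DOMAIN):
        found.add("unusual_sender")
    # Receiving server recorded an SPF, DKIM or DMARC failure.
    if AUTH_FAIL.search(msg.get("Authentication-Results", "")):
        found.add("failed_authentication")
    # Any link target outside the brand domain, whatever the link text says.
    if any(not on_domain(urlparse(h).hostname, BRAND_DOMAIN) for h in HREF.findall(body)):
        found.add("suspicious_link")
    # A delivery notice asking for money.
    if MONEY.search(body):
        found.add("financial_request")
    return found

# Constructed sample modelled on the email described above.
PHISH = """\
From: "USPS" <notify@mail.example.net>
To: recipient@example.org
Subject: Your package could not be delivered
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mail.example.net; dmarc=fail header.from=mail.example.net
Content-Type: text/html

<p>*** This email is from an external source. ***</p>
<p>Your package cannot be delivered until payment is confirmed within three days.</p>
<a href="https://tracking.example.net/confirm">Confirm My Package</a>
"""

if __name__ == "__main__":
    print(sorted(signals(PHISH)))
```

No single signal is decisive on its own; the constructed message is notable because it trips all four at once.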

Shipping companies around the world have reported an increase in email identity theft scams characterized by these bogus delivery notifications. According to data from Check Point Software Technologies, November saw a global increase of 440% in phishing emails sent compared to October. Abnormal expects this trend to continue to increase even more in December and throughout the holiday season.

