| 8/23/2010 - Courier Phishing Scams Duping Consumers | |
Computer security-software firm Symantec (Mountain View, Calif.) has recently observed phishing websites spoofing courier service brands. The company found three primary brands targeted from which fraudsters were attempting to steal customers’ login credentials.
Fraudsters target courier firms because the companies typically provide their customers with several online features upon registering with the brand’s legitimate website. The features help customers to track their shipments, make online payments for their orders, specify the address for delivery, etc. If thieves steal login credentials, they can benefit from these features because they may enable them to reroute valuable packages to any address the fraudsters provide.
In one of the phishing sites, the page prompted the customer to update user details, purportedly because "the account had not been updated for a considerable time." The details that required updating included sensitive information, such as login credentials, account name, account number and billing address. When the customer enters the requested information, the page redirects to the legitimate website, which creates the illusion that the update is complete. If customers fall victim to these phishing sites, they may end up losing their customer identity with the courier, which would—at the very least—result in the failure of having their packages delivered to the recipients.
Symantec writer Mathew Maniyara says, “Some of these phishing sites were created unprofessionally, which can be noted from the fact that clicking on certain links in the phishing page returned a ‘404 Page Not Found’ error. Typically, such errors do not occur in legitimate websites.”
The web thieves used several kinds of domains in hosting the phishing sites. Some were web-hosting domains, some were compromised legitimate domains and others were IP domains (IP-based URLs look like this: http://255.255.255.255/).
Symantec advised Internet users to follow best practices to avoid phishing attacks, such as: • Do not click on suspicious links in email messages. • Check the URL of the website and make sure that it belongs to the brand. • Type the domain name of your brand’s website directly into your browser’s address bar rather than following any link. • Frequently update your security software, such as Norton Internet Security 2010, which protects you from online phishing. |
|
