Christmas rush brings spike in fraudulent delivery sites

More than 1,500 phishing sites masquerading as delivery companies and postal operators have emerged since November, 587 of which were identified during the first 10 days of December alone, representing a 34% increase from the last 10 days of the previous month, SiliconAngle reports. All of the discovered fake delivery sites have been associated with a lone scam campaign, with most of the phishing resources created on Dec. 8, while Germany, Poland, Spain, the UK, Turkey, and Singapore were the most targeted countries, according to a report from Group-IB's Computer Emergency Response Team. Aside from leveraging official postal service providers' logos and names, threat actors have also limited geographic, device, and operating system access for their sites in a bid to evade detection. Additional efforts to bypass detection include a shortened lifespan for the fraudulent sites. "With last-minute shopping and the desire to get parcels on time, people tend to be less cautious. Scammers exploit this sense of urgency by sending fake delivery notifications," said Group-IB Operations Director of Digital Risk Protection Vladimir Kalugin.