BrianKrebsOct 10, 2023

Recent weeks have seen a sizable uptick in the number of phishing scams targeting U.S. Postal Service (USPS) customers. Here’s a look at an extensive SMS phishing operation that tries to steal personal and financial data by spoofing the USPS, as well as postal services in at least a dozen other countries.

I like to show my work, and went pretty far down the rabbit hole with this one:

https://krebsonsecurity.com/2023/10/phishers-spoof-usps-12-other-natl-postal-services/

Phishers Spoof USPS, 12 Other Natl’ Postal Services – Krebs on Security

Show threadnepiOct 10, 2023
@briankrebs Hah, what a timely write up. My partner got his info (and mine, d’oh!) grabbed by one of these a couple weeks ago.

Something clever I noticed is that the website redirects to the regular USPS website unless it sees a mobile user agent string. Probably makes it more likely to get past a first glance at the “abuse” desk of large orgs?

The one we got hit with also used an IP geolocation service to make the scam more convincing - thankfully the service they used terminated the (helpfully embedded) API key quickly once informed of its use.
Show threadBrianKrebs
@nepi Yep. Several of these SMS phishing sites I had to use developer tools and emulate a mobile device to get the homepages to load. And also most of the links on the landing page actually go to USPS
Oct 10, 2023 at 1:47pmWeb