SURBL Advanced Phishing Intel: Postal & Unpaid Toll Scams


Postal Phishing & Unpaid Toll Scams Intelligence from SURBL B.V.

If you have received a suspicious text about a postal delivery or unpaid tolls in recent months, you are certainly not alone. The screenshots below are just two examples of phishing scams being sent on a mass scale around the globe.

SURBL has extensive coverage and insights on these advanced phishing domains. SURBL BV has been working alongside international law enforcement, security vendors, and threat researchers worldwide to help identify domains, including those related to Postal Phishing Scams and Unpaid Toll Scams.

How Postal Phishing Scams Work:

The victim receives an email or text that appears to be from USPS or another postal service saying they have a delivery, but there is some kind of issue. This issue might be related to an incorrect shipping address, insufficient postage, etc. Ultimately, the message prompts the victim to click on the link and provide their credit card information to pay a small, insignificant fee like $1-2 to complete the delivery.

Once the credit card is provided, the user will receive a notification from their bank with a code to authorize the transaction. To the victim, this all seems legitimate, and they are only risking $1-2.

However, the authorization code is really used to add the credit card information to an Apple or Google Wallet. The cybercriminal is then free to use the credit card in the Apple Wallet for whatever purchase they want, typically going on a spending spree until the bank can detect and cancel the card.

The image below gives an example of the volumes of cards they are able to steal and add to their digital wallets.

Once the link or domain is detected by filters, the culprit will just quickly switch to a new domain to continue their scam. SURBL researchers have found that cybercriminals often purchase hundreds to thousands of domains for their operations.

SURBL BV is able to continually identify new domains from this group and related attacks for proactive protection. SURBL estimates they have 45,000+ active listings for postal phishing domains.

The day before this article was posted, SURBL observed postal phishing attacks targeting Finland.

Using proprietary research methods, the SURBL team has found many related domains that it proactively lists. This means SURBL users are protected from many of these malicious domains before they can even be used.

New Scam on the Rise: Unpaid Toll Phishing

Similar to postal phishing scams described above, the SURBL team has also seen a huge rise in “unpaid toll” phishing attacks. 

Unsuspecting users will receive a text, like the example below, falsely notifying them that their vehicle has an unpaid toll bill. The toll phishing messages will also include the unpaid amount and a link to make a payment. In some cases, cybercriminals can even use location data to better target their attacks – for example, sending unpaid toll scams to people they know have been driving in Massachusetts.

The link will take the users to a fraudulent site, imitating a state toll payment page.  Once the user makes the payment, the cybercriminals can then steal credit card numbers and personal information. 

The SURBL Research Team has identified over 3,500 new domains related to unpaid toll scams in the last few days alone.

What can be done about it?

As Users:

  • Continue to be a vigilant and smart internet user. If it looks suspicious, don’t click the link!
  • See something, say something! If you receive these phishing attempts via text or iMessage, please be sure to report the message. This provides valuable feedback to your phone providers and mobile carriers.
  • Please report the scams to the appropriate authority. For US recipients, you can report these postal phishing scams to USPS at https://www.uspis.gov/report. Unpaid tolls should be reported based on the state. See Illinois for example: https://agency.illinoistollway.com/fraudulent-electronic-communication

As Businesses:

It is key to make sure your cybersecurity plan protects against new and existing threats. Using threat intelligence from leading independent cyber research organizations is crucial to maximize your network protection. 

  • Enhanced Email Filtering: Business email compromise continues to be a major vector for cybercrime to gain access to critical business data. Using leading blocklists from SURBL and other providers can prevent these types of messages from ever reaching your users’ inboxes.
  • Deploy or enhance your DNS Firewall (DNS RPZ):  Implementing threat intelligence at the DNS level is a critical choke point to protect against known threats. 
  • SMS Firewall:  Add domain-based filtering to your SMS firewall to increase protection for your users.
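
A sketch of the domain-based filtering described in the last two bullets, as an added example (not SURBL's code): it checks the links in an SMS body against a blocklist on label boundaries, so subdomains of a listed domain match but lookalike names do not, and renders the same list as DNS RPZ records. The blocklist entries, sample messages and function names are constructed for illustration.

```python
import re

# Constructed blocklist entries (reserved .example names) standing in for a
# domain-reputation feed; a real deployment would load the feed's own data.
BLOCKLIST = {"usps-redelivery.example", "toll-pay.example"}

# Constructed sample messages modelled on the lures described above.
SAMPLES = [
    "Your package is on hold: https://track.usps-redelivery.example/u/123 pay $1.99",
    "Unpaid toll of $4.35 due. Pay at toll-pay.example/invoice to avoid late fees.",
    "Your parcel arrives today. Track at https://www.postal-service.example/track",
]

# Hostname candidates, with or without a scheme (SMS links often omit it).
HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

def listed_parent(host, blocklist=BLOCKLIST):
    """Return the listed domain covering host (itself or a parent), or None."""
    labels = host.lower().rstrip(".").split(".")
    # Walk from the full name towards the TLD, one label at a time, so that
    # "a.b.bad.example" matches "bad.example" but "notbad.example" does not.
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None

def filter_sms(text, blocklist=BLOCKLIST):
    """Return (verdict, sorted listed domains) for one message body."""
    hits = {d for h in HOST_RE.findall(text) if (d := listed_parent(h, blocklist))}
    return ("block" if hits else "deliver", sorted(hits))

def rpz_records(blocklist=BLOCKLIST):
    """RPZ lines answering NXDOMAIN ("CNAME .") for each domain and its subdomains."""
    records = []
    for domain in sorted(blocklist):
        records.append(f"{domain} CNAME .")
        records.append(f"*.{domain} CNAME .")
    return records

if __name__ == "__main__":
    for message in SAMPLES:
        print(filter_sms(message), "<-", message)
    print("\n".join(rpz_records()))
```
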

As Security / Infrastructure Providers:

Enhance your threat intelligence and improve your coverage with the best and most complete domain intelligence.

  • Use trusted, proven threat intelligence feeds to identify more IOCs and improve detection times.
  • Further enhance the coverage of your security solutions to filter out malware, phishing, and compromised domains.
  • Implement highly valuable firewalls (DNS Firewall, SMS Firewall) to block connections to IPs and domains that are known to be malicious.

Domain Reputation Data from SURBL B.V.

SURBL BV has 20+ years of experience in identifying phishing and other malicious domains, and is a trusted authority on domain reputation. In fact, SURBL is one of the main sources of domain reputation data for the ICANN Domain Abuse Activity Report.

SURBL BV produces and provides the following highly accurate and comprehensive datasets:

  • SURBL MULTI – Comprehensive feed of current, active bad domains, including advanced phishing, malware, and compromised domains
  • SURBL FRESH – Newly registered domains
  • SURBL HASHBL – Hashed dataset, innovative coverage on shortened URLs, email addresses (including free-mail addresses), phone numbers, cryptowallets, and more

Learn more about SURBL Domain Reputation Feeds HERE.

Contact Us for more information or to start your free evaluations.