Yesterday I posted the bank related fraud. In that post I mentioned there are other incidents that triggered that post. This is one such incident. Recently my relative in Chennai sent package through a courier. The courier was yet to arrive. I received a phone call from the courier company. Here is the call transcript
Me: Hello
X: Hello sir I am calling you regarding your courier
Me: Which courier are you talking about? (Since I was also expecting some package from amazon)
X: It is a courier from Chennai with the tracking id 12345678
Me: Ok the number is correct one. What is the problem?
X: The courier is misrouted to a wrong location. Do you want this courier to be rerouted to you?
Me: Yes. I want that courier. It contains some essential medicine
X: For the courier to be rerouted, you need to pay some additional charges
Me: I will pay by cash at the time of delivery to the agent
X: No sir you must pay first to us and then the courier shall be routed to you
Me: Ok, how shall I pay to you?
X: You can pay via googlepay/phonepe
Me: This is from which courier company?
X: This is speed post courier
(At this point I became alert because India Post + Google Pay/Phonepe didn’t make sense. They still don’t accept this in the post office for any transactions, as far as I know)
Me: I can pay only cash, otherwise let the courier get lost
X: No sir cash is not possible. The amount is a very little and no need to worry we will send the courier without fail to you.
Me: No thanks. I cut the call.
In this case I almost fell for the trap because he mentioned the correct courier tracking id. I still don’t know how he got the information. However, my hypothesis is the following
A little whois search reveal the site is created recently on 25-March-2023. So, this is a new type of attack, and such sites are mushrooming. Long story short, don’t believe the google results as is, find the original company site and then check what info is being asked. For eg., a courier tracking site should ask only the tracking number, your name and phone number are not required. Just because someone asks don’t provide the information.
Stay vigilant and stay safe.
PS: The screenshots for your reference.