Google search results may not be safe…

Yesterday I posted about the bank-related fraud. In that post I mentioned that there were other incidents that triggered it. This is one such incident. Recently my relative in Chennai sent a package through a courier. The courier was yet to arrive. I received a phone call from the courier company. Here is the call transcript:

Me: Hello

X: Hello sir I am calling you regarding your courier

Me: Which courier are you talking about? (Since I was also expecting some package from Amazon)

X: It is a courier from Chennai with the tracking id 12345678

Me: Ok, the number is the correct one. What is the problem?

X: The courier is misrouted to a wrong location. Do you want this courier to be rerouted to you?

Me: Yes. I want that courier. It contains some essential medicine

X: For the courier to be rerouted, you need to pay some additional charges

Me: I will pay by cash at the time of delivery to the agent

X: No sir you must pay first to us and then the courier shall be routed to you

Me: Ok, how shall I pay to you?

X: You can pay via Google Pay/PhonePe

Me: This is from which courier company?

X: This is speed post courier

(At this point I became alert because India Post + Google Pay/PhonePe didn’t make sense. They still don’t accept this in the post office for any transactions, as far as I know)

Me: I can pay only cash, otherwise let the courier get lost

X: No sir, cash is not possible. The amount is very little and there is no need to worry, we will send the courier to you without fail.

Me: No thanks. I cut the call.

In this case I almost fell for the trap because he mentioned the correct courier tracking id. I still don’t know how he got the information. However, my hypothesis is the following:

  • The sender wanted to check the courier tracking.
  • He went to Google and typed “track courier professional courier”.
  • In the sponsored links there is a link to www.trackallcouriers.com.
  • Once you open the site you get something like a simple form that asks for the following details (the site looks fishy to me, but to a normal user it might look fine):
    • Name
    • Phone number
    • Courier tracking
    • Courier company
  • On clicking search, it says it is unable to find the info and forwards to another site.
  • Now with this information the attacker can try to extract further information from the target via social engineering.

A quick whois search reveals the site was created recently, on 25-March-2023. So, this is a new type of attack, and such sites are mushrooming. Long story short, don’t trust Google results as is; find the original company site and then check what info is being asked. For example, a courier tracking site should ask only for the tracking number; your name and phone number are not required. Don’t provide information just because someone asks for it.
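The two checks described above (how recently the domain was registered, and whether the tracking form asks for more than a tracking number), as an added example that is not part of the original post. The whois text, the form HTML, the domain name, the field-name hints and the 90-day threshold are all constructed assumptions, and the parser only understands the common `Creation Date:` whois line.

```python
import re
from datetime import date
from html.parser import HTMLParser

# Constructed sample inputs (not real records) for a made-up tracking site.
SAMPLE_WHOIS = """Domain Name: COURIER-TRACKER.EXAMPLE
Creation Date: 2023-03-25T09:12:44Z
"""
SAMPLE_FORM = """<form action="/search" method="post">
<input type="text" name="name">
<input type="tel" name="phone_number">
<input type="text" name="tracking_id">
<select name="courier_company"><option>Any</option></select>
<input type="submit" value="Search">
</form>"""
# Assumed substrings that mark a field as personal data a tracker does not need.
PERSONAL_HINTS = ("name", "phone", "mobile", "email", "address")

def domain_age_days(whois_text, today):
    """Days since the 'Creation Date:' line of whois output, None if absent."""
    m = re.search(r"^\s*Creation Date:\s*(\d{4}-\d{2}-\d{2})", whois_text, re.I | re.M)
    return (today - date.fromisoformat(m.group(1))).days if m else None

class FieldCollector(HTMLParser):  # names of the controls a visitor fills in
    def __init__(self):
        super().__init__()
        self.fields = []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        fillable = tag in ("input", "select", "textarea") and a.get("type") not in ("submit", "hidden", "button")
        if fillable and a.get("name"):
            self.fields.append(a["name"].lower())

def personal_fields(form_html):
    parser = FieldCollector()
    parser.feed(form_html)
    return [f for f in parser.fields if any(h in f for h in PERSONAL_HINTS)]

def assess(whois_text, form_html, today, max_new_days=90):
    """Reasons to distrust the site (empty list: none). 90 days is an assumed cut-off."""
    reasons = []
    age = domain_age_days(whois_text, today)
    if age is None:
        reasons.append("no creation date in whois output")
    elif age < max_new_days:
        reasons.append(f"domain registered {age} days ago")
    if extra := personal_fields(form_html):
        reasons.append("form asks for personal data: " + ", ".join(extra))
    return reasons
```

Calling `assess(SAMPLE_WHOIS, SAMPLE_FORM, date(2023, 4, 24))` reports both the 30-day-old registration and the name and phone fields.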

Stay vigilant and stay safe.

PS: The screenshots for your reference.