Threat actors have found continuous success using package delivery services as SMS phishing lures since the start of the COVID-19 pandemic and package delivery phishing attacks are the number one harvester of credit cards that WMC Global is currently seeing. Scammers now gravitate towards any new courier as a lure because of the sheer effectiveness of the campaigns. These lures are often used to perform call back scams but consumers get wise to the same attack content, resulting in threat actors needing to diversify and increase their portfolio of campaigns. Introducing Evri, the latest UK courier company to be heavily targeted and brand abused for credential phishing attacks.
7 min read
Evri- UK Package Delivery Scam
By WMC Global Threat Intelligence Team on 5/19/22 10:21 AM
Topics: Covid SMS Attack Phishing Kit Threat Intel Banking Courier Scam SMS Phishing Credential Phishing package delivery scam
7 min read
Just Eat - UK Food Delivery Service Customers Targeted by SMS Phishing
By WMC Global Threat Intelligence Team on 4/12/22 9:53 AM
Over the last two years, threat actors have found many lucrative ways to exploit pandemic-induced lifestyle changes and financial strain by creating scams using package delivery services as well as unemployment payments, grants, and vaccine passports as lures. As the world begins to adjust to life beyond Covid-19, threat actors are creating new lures, while still focusing on consumer behavior driven by the pandemic.
Topics: Covid SMS Attack Phishing Covid-19 Food Delivery Service Phishing SMS Phishing Just Eat Deliveroo Uber Eats Credential Phishing Food Delivery App Phishing
6 min read
Phishing Lures Imitate Government Bodies Offering COVID-19 Relief
By WMC Global Threat Intelligence Team on 8/11/21 8:31 AM
This blog is released in partnership with Mobile Ecosystem Forum (MEF), of which WMC Global is a proud member.
Topics: Covid Phishing Covid-19 Phishing Kit Threat Intel Government US Government UK Government NHS
3 min read
COVID Update
By WMC Global Threat Intelligence Team on 8/12/20 10:00 AM
Throughout the early months of the COVID-19 pandemic, when companies and consumers were forced to adapt to remote working arrangements and adopt digital interactions with family and friends to stay connected, PhishFeed witnessed a stark rise in phishing attacks, particularly in attacks configured to show only on mobile devices. Since January 2020, PhishFeed has collected tens of thousands of phishing URLs and kits, many of which were branded with COVID-themed domains, URLs, or attack content by the responsible threat actors, as seen in Figure 1.