Phishing attacks have been on the rise in recent months. Through emails or SMS, cybercriminals seek to steal the personal data of Internet users, including their banking details. While end of year celebrations are fast approaching, pirates are mainly using the parcel delivery scam to trap users… including in France.
As a reminder, a package delivery scam consists of first pretending that a package is awaiting delivery, has been sent or could not be delivered. To complete delivery, the message requires a immediate payment. Scammers justify this request with shipping costs, taxes or customs duties in order to fool victims. To make the payment, the victim is asked to click on the link included in the message. This will redirect the target to a fraudulent site, designed to extract the user's personal and banking information.
Also read: Yet another data leak in France – Norauto customers’ identity cards have been compromised
Wave of Mondial Relay parcel scams
As Internet user Mikołajek noted on his X account, cybercriminals recorded no “less than 20 fraudulent domain names” they usurp the identity of Mondial Relaythe French company specializing in parcel delivery. With these domain names, pirates want their targets to believe that it was Mondial Relay who came into contact with them. For this, they will take as best as possible the design of the official website of the delivery company.
All these names were registered in just eight days. Most of the domain names listed contain a typo. This error makes it possible to detect the deception, but, very often, Internet users go too quickly and do not take the time to check the URL of the sites they consult.
It seems that the pirates are preparing to the explosion of online orders during the Christmas period. Many French people will in fact go to e-commerce stores, such as the essential Amazon, to find gifts to slip under the tree. The Signal-Arnaques community, which relays the user's discovery, emphasizes that “the parcel scam will come back in force during deliveries before Christmas”. For his part, Mikołajek, mmember of the board of directors of Afnic, the domain name registry, also emphasizes that “Christmas is approaching, the package will experience a peak of activity”.
Questioned by our colleagues from Le Parisien, Jean-Jacques Latour, head of cybersecurity at cybermalveillance.gouv.fr, recalls that this type of scam systematically comes up “in force before Black Friday, during Christmas and until the winter sales”. Durant “these two to three months, there has always been an increase in these facts”notes the expert. Pour Xavier Daspre, the French technical director of Proofpoint, “heavy periods of consumption” are always accompanied by an increase “fraudulent emails and, increasingly, SMS messages”. In our mailbox, we have also received a plethora of emails indicating that a package is stuck at customs, requires urgent payment or the planning of a new delivery date.
Hackers armed with data
This year, the resurgence of parcel scams occurs in a particular context for France. In recent months, France has been hit by successive waves of large-scale cyberattacks. At the end of these offensives, a colossal quantity of personal data on French people ended up in the hands of cybercriminals.
They therefore have valuable information to put to rest the distrust of their targets and convince them to provide their banking details. As we know, the most dangerous phishing attacks are those that rely on the most personal data.
This is why parcel scams appear particularly devastating at the end of 2024. It is likely that the scams are full of truthful personal information about you. We recommend that you remain vigilant and take all communications regarding an approaching package with hindsight. In a reaction addressed to 01Net, Surshark advises “only follow notifications from the sales platforms used and check orders in the customer area”.
???? To not miss any news from 01net, follow us on Google News and WhatsApp.
