Researchers Warn of Global Surge in Fake Shipment Tracking Scams
Fake shipment tracking scams are rapidly scaling across the world, exploiting the 161 billion annual parcel volume that fuels global e-commerce, according to threat intelligence provider Group-IB. The firm’s Threat Intelligence research team detected a spike in this type of scheme exploiting the popularity of parcel delivery services in 2025. From almost no such activity observed in 2024, the researchers identified over 100 fake shipment tracking campaigns almost every month throughout the past year, with peaks at 218 and 208 unique campaigns in June and December 2025, respectively. Some of these campaigns are linked to Darcula, a Chinese-language phishing-as-a-service (PhaaS) platform offering tools that are used in over 100 countries.
A typical fake shipment tracking scam campaign starts with an attacker setting up a phishing domain and a fake website. The researchers noted that, while many phishing and fake shipment tracking scams rely on cheap, disposable, and lightly regulated domains to operate quickly and anonymously (such as [.]xyz, [.]help, [.]shop, [.]click, and [.]top), they also abuse trusted extensions like .com through lookalike variations designed to mimic real brands. Next, attackers typically use one of two methods to reach victims, both relying on SMS phishing messages that claim a failed delivery: sending from a legitimate-looking anonymous number (e.g., formatted like local mobile prefixes), or using Sender ID spoofing so that the message appears to come from the same official sender the victim’s phone already trusts. The attackers typically use URL masks so that the malicious URLs embedded in the phishing SMS appear legitimate and the malicious page renders properly on mobile devices, increasing the likelihood of victim engagement.
Victims who click to “update address details” or “pay small fees” are then led to pages where they are encouraged to fill in missing personal and/or financial information. This is where victim funds and credentials are stolen. While no single threat actor has been definitively linked to these schemes, the Group-IB researchers observed that many of the phishing sites share infrastructure and characteristics commonly associated with Darcula.
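As an added illustration (not code from Group-IB or the original article), the traits described above can be combined into a simple SMS triage heuristic that flags delivery-lure wording, the disposable TLDs listed, and lookalikes of a courier's real domain. The courier domain `examplepost.com`, the 0.85 similarity threshold, and the sample messages are constructed assumptions.

```python
import re
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# TLDs and lure themes (failed delivery, address update, small fee) named in the article.
DISPOSABLE_TLDS = {"xyz", "help", "shop", "click", "top"}
LURE_RE = re.compile(r"not be delivered|failed deliver|update (your )?address|small fee", re.I)
URL_RE = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/\S*)?", re.I)
# Constructed placeholder: official domains of couriers you expect messages from.
OFFICIAL = {"examplepost.com"}

def host_of(url):
    return (urlsplit(url if "://" in url else "http://" + url).hostname or "").lower()

def lookalike(host):
    """Return the official domain this host imitates, or None."""
    # Assumption: registrable domain = last two labels; use a public-suffix list in production.
    reg = ".".join(host.split(".")[-2:])
    if reg in OFFICIAL:
        return None
    flat = host.replace("-", "").replace(".", "")
    for official in OFFICIAL:
        brand = official.split(".")[0]
        close = SequenceMatcher(None, reg.split(".")[0], brand).ratio() >= 0.85
        if brand in flat or close:  # brand embedded in the host, or a near-miss spelling
            return official
    return None

def triage_sms(text):
    """Return sorted reasons why an SMS resembles a fake tracking lure."""
    reasons = set()
    if LURE_RE.search(text):
        reasons.add("delivery-lure")
    for match in URL_RE.finditer(text):
        host = host_of(match.group(0))
        if host.rsplit(".", 1)[-1] in DISPOSABLE_TLDS:
            reasons.add("disposable-tld")
        if lookalike(host):
            reasons.add("lookalike-domain")
    return sorted(reasons)

# Constructed sample messages (not real campaign data).
SAMPLES = [
    "Your parcel could not be delivered. Update your address: https://examplepost-track.top/a1",
    "Pay a small fee to release your parcel: examp1epost.com/pay",
    "ExamplePost: your parcel arrives today. Track it at https://track.examplepost.com/t/123",
]
if __name__ == "__main__":
    for sms in SAMPLES:
        print(triage_sms(sms), "<-", sms)
```

Sender ID spoofing is not visible in the message text, so a heuristic like this has to be paired with carrier-level or gateway-level sender validation.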