Feb 28, 2024

phish sms usps

USPS delivers to Canada, so fraudsters are conducting SMS phishing campaigns against Canadians. We spotted this campaign spoofing USPS which informs the recipient that a package cannot be delivered. It also includes instructions that cause the link in the text to become clickable. Responding with a "Y" causes the link to become hyperlinked, and the user can click the link rather than try and copy 'n paste the link into their browser.

This may also allow the threat actors to know that the receiving phone number is valid, so that they can continue to send messages to that recipient.

Feb 15, 2024

phish sms canadapost

We received an SMS purporting to be from Canada Post indicating that a signature is needed for a parcel to be released. The SMS contains a fake tracking number and a link that can supposedly be used to reschedule a delivery. The word "shedule" is not spelled correctly in the domain name -- which seems to be fairly common with these types of scams.

Feb 08, 2024

phish sms canadapost

We observed an SMS phishing campaign spoofing Canada Post. The text itself does not mention Canada Post specifically, but references  a "tracking notice" and requests the recipient to update their information. The link in the text itself is interesting because it is a direct link to an IP address (as opposed to a domain) but the IP address is represented as a decimal (rather than a normal IP format), most likely in an attempt to bypass some security controls.