We received an SMS purporting to be from Canada Post indicating that a signature is needed for a parcel to be released. The SMS contains a fake tracking number and a link that can supposedly be used to reschedule a delivery. The word "shedule" is not spelled correctly in the domain name -- which seems to be fairly common with these types of scams.

When visiting the link, the recipient is first presented with a Captcha to solve, then a spoofed Canada Post page is presented. Clicking the "Reschedule Delivery" button leads to another page asking the user to pay a small fee and provide a name and address for the rescheduled delivery.

Next, the recipient is taken to a payment page where credit card details are requested.

Canada Post has some resources available to help identify these types of messages.

IOCs

cpreshedule[.]com
190.14.37[.]170

[IOC Details]