SMS phishing - package delivery

hellothere

New Member
Thread author
Apr 7, 2024
7
Hello there,

Please can you help by checking if this is only a phishing website or something more serious?
Are there any reasons to be concerned if one entered the first page and closed it immediately?

This is the address:


Thank you.
 

Bot

AI-powered Bot
Apr 21, 2016
3,569
Sorry, but as an AI, I can't directly check website URLs. However, if you suspect phishing, don't enter personal data there. If you did, monitor your accounts closely for unusual activity. Install a reputable security tool to scan your device for malware.
 

hellothere

New Member
Thread author
Apr 7, 2024
7
Serious delivery companies allow you to create an account to check for incoming packages, like DPD. Your reported link is an NRD, so it appears as malicious. I would not click on it!

Hello Tairiku, thank you very much for the answer. I dumbly clicked it as I was waiting for a UPS package... but no excuse for not checking the URL before. Is there anything I can do to know that I'm completely safe, or is a factory reset the only solution? If you have more tools, can you check what happens once one clicks this? Or even that is not 100% correct, as one scenario could happen to me and another to you?

It opened to me in Chrome, on Android. I did not notice any files being downloaded.
 

hellothere

New Member
Thread author
Apr 7, 2024
7
It's throwing a 404 already, which means it was more than likely taken down, but I would run a scan to be on the safe side. It is being detected now by others.

Thanks for the fast answer. Are Malwarebytes and ESET scans enough? They show zero things found. I'm just curious: if nothing was downloaded, and browser data was cleaned and reinstalled, where else might the threat be coming from? Or are we always leaving a possibility for 0-days?
 

ForgottenSeer 109138

Thanks for the fast answer. Are Malwarebytes and ESET scans enough? They show zero things found. I'm just curious: if nothing was downloaded, and browser data was cleaned and reinstalled, where else might the threat be coming from? Or are we always leaving a possibility for 0-days?
ESET has very good signatures, and given that it's throwing the 404 and I also ran it through Hybrid Analysis, which deemed it no specific threat, I would state you are lucky and OK.

I state lucky as the MITRE ATT&CK techniques detection report has 11 indicators that were mapped to 8 attack techniques and 5 tactics. Basically, to sum that up, it had the ability to drop a payload onto a system.

In the future I would recommend not clicking first and checking the link via VirusTotal.
 

hellothere

New Member
Thread author
Apr 7, 2024
7
ESET has very good signatures, and given that it's throwing the 404 and I also ran it through Hybrid Analysis, which deemed it no specific threat, I would state you are lucky and OK.

I state lucky as the MITRE ATT&CK techniques detection report has 11 indicators that were mapped to 8 attack techniques and 5 tactics. Basically, to sum that up, it had the ability to drop a payload onto your system.

In the future I would recommend not clicking first and checking the link via VirusTotal.
Wow, thanks. Is there any other device scan you would recommend me to do?
 

Trident

Level 28
Verified
Top Poster
Well-known
Feb 7, 2023
1,758
Websites like these come and go on an hourly basis, and the following practices will serve best at preventing their malice:
  • Think whether you are expecting a package. Did you order something, or did someone send anything from abroad? If not, then ignore the SMS.
  • If you are expecting a package, rarely will a carrier want anything from you. When they do (for example customs clearance), they will send a branded email that will include personal details, as well as a letter by post. The majority of the time, package management and tracking is the merchant’s responsibility and not yours — you are responsible for a purchase only after receiving it.
  • Does it even look legit? This .info domain doesn’t resemble a carrier website at all.
  • Consider deploying a block for newly-registered domains; there are loads of topics about NextDNS, ControlD and other services here that can do it, and @Practical Response has deployed Suricata IPS with an NRD list. This is the best defence, as a site like this wouldn’t last 30 days.
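The two checks in the list above (is the domain newly registered, and does it merely borrow a carrier's name) can be scripted for triaging suspicious SMS links. This is an added example, not code from the thread or from NextDNS, ControlD or Suricata; the NRD feed, the carrier allowlist and the suffix table are constructed sample data, and a real deployment would use a live NRD feed and the public suffix list.

```python
import re
from datetime import date
from urllib.parse import urlsplit

# All data below is constructed for this example (not from a real NRD feed).
THREAD_DATE = date(2024, 4, 7)           # the day the SMS in the thread arrived
NRD_MAX_AGE_DAYS = 30                    # "a site like this wouldn't last 30 days"
NRD_FEED = {                             # registrable domain -> registration date
    "dpd-parcel-info.info": date(2024, 4, 5),
    "track-ups-redelivery.info": date(2024, 3, 20),
    "dpd.co.uk": date(1998, 8, 10),
}
CARRIER_BRANDS = {"dpd": {"dpd.co.uk", "dpd.com"}, "ups": {"ups.com"}}  # sample allowlist
TWO_LEVEL_SUFFIXES = {"co.uk", "com.au"}  # toy stand-in for the public suffix list

# Matches full http(s) URLs and bare "host.tld/path" links as they appear in SMS bodies.
URL_RE = re.compile(r"https?://[^\s<>\"']+|[a-z0-9-]+(?:\.[a-z0-9-]+)+/[^\s]*", re.I)

def registrable_domain(host):
    """Reduce a hostname to the domain a registrar would have issued."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LEVEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])

def classify_url(url, today=THREAD_DATE, feed=NRD_FEED):
    if "://" not in url:
        url = "http://" + url
    domain = registrable_domain(urlsplit(url).hostname or "")
    registered = feed.get(domain)
    age = (today - registered).days if registered else None
    # Brand check on whole labels, so "groups.example" does not trip on "ups".
    tokens = re.split(r"[.-]", domain)
    brand = next((b for b in CARRIER_BRANDS if b in tokens), None)
    if age is not None and age <= NRD_MAX_AGE_DAYS:
        verdict = "block"        # newly registered: what an NRD filter would do
    elif brand and domain not in CARRIER_BRANDS[brand]:
        verdict = "lookalike"    # borrows a carrier name but is not the carrier's domain
    elif brand:
        verdict = "allow"
    else:
        verdict = "unknown"      # not cleared, just no signal from these two checks
    return {"url": url, "domain": domain, "age_days": age, "verdict": verdict}

def triage_sms(sms, today=THREAD_DATE):
    """Extract every URL in an SMS body and classify each one."""
    return [classify_url(u, today) for u in URL_RE.findall(sms)]
```

An "unknown" verdict only means neither check fired; it is not a clean bill of health, which is why the thread still recommends a VirusTotal lookup before clicking.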
 

ForgottenSeer 109138

Websites like these come and go on an hourly basis, and the following practices will serve best at preventing their malice:
  • Think whether you are expecting a package. Did you order something, or did someone send anything from abroad? If not, then ignore the SMS.
  • If you are expecting a package, rarely will a carrier want anything from you. When they do (for example customs clearance), they will send a branded email that will include personal details, as well as a letter by post. The majority of the time, package management and tracking is the merchant’s responsibility and not yours — you are responsible for a purchase only after receiving it.
  • Does it even look legit? This .info domain doesn’t resemble a carrier website at all.
  • Consider deploying a block for newly-registered domains; there are loads of topics about NextDNS, ControlD and other services here that can do it, and @Practical Response has deployed Suricata IPS with an NRD list. This is the best defence, as a site like this wouldn’t last 30 days.
More detections now, and yes, Suricata has alerts already for this and did when I first ran it earlier through Hybrid Analysis.


 

hellothere

New Member
Thread author
Apr 7, 2024
7
Hello everybody, thanks again for useful replies.
@Trident - I understand everything. It was an impulsive click in the moment. I'm looking for some additional layers of protection, and all of the security apps require me to allow them phone accessibility.
Again a noob question, but is this a safe thing to do? With this access they gain full control of the device. I'm not scared so much of malicious behaviour by the security software company, but what if they're compromised and a bad party gains access... or is this the last thing I should worry about, and I should just install something that works?

Thanks for the NextDNS/ControlD advice. I'm looking into it. Will having anti-malware software implemented with a DNS solution offer extra protection?
 

hellothere

New Member
Thread author
Apr 7, 2024
7
Hello everybody, sorry if I'm bothering you, I was just curious if anybody could leave any input on my question... or do I need to post it in another subforum? Thank you all.
 

ForgottenSeer 109138

Hello everybody, sorry if I'm bothering you, I was just curious if anybody could leave any input on my question... or do I need to post it in another subforum? Thank you all.
I think it would be in your best interest to read up on social engineering and how to avoid it. Learn verification and validation. This will negate most problems you will ever, and the key words here are, "put yourself in". Android phones are as vulnerable as the user that operates them.
 
