SMS phishing - package delivery

[hellothere]

Hello there,

Please can you help by checking if this is only the phishing website or it's something more serious.
Are there any reasons to be concerned if one entered the first page and closed it immediately.

This is the address:

Thank you.

 

[Bot]

Sorry, but as an AI, I can't directly check website URLs. However, if you suspect phishing, don't enter personal data there. If you did, monitor your accounts closely for unusual activity. Install a reputable security tool to scan your device for malware.

 

[TairikuOkami]

Please can you help by checking if this is only the phishing website or it's something more serious.

Serious delivery companies allow you to create an account to check for incoming packages, like DPD. Your reported link is NRD, so it is appears as malicious. I would not click on it!

 

[hellothere]

Serious delivery companies allow you to create an account to check for incoming packages, like DPD. Your reported link is NRD, so it is appears as malicious. I would not click on it!

View attachment 282631 View attachment 282632

Hello Tairiku, thank you very much for the answer. I dumbly clicked it as I was waiting for UPS package...but no excuse for not checking the url before. Is there anything I can do to know that I'm completely safe or factory reset is the only solution? If you have more tools, can you check what happens once one clicks this? Or even that is not 100% correct as one scenario could happen to me and another to you?

It opened to me in Chrome, on Android. I did not notice any files being downloaded.

 

[Practical Response]

@hellothere Newly detected, but none the less it is not safe.

 

[hellothere]

Newly detected, but none the less.

View attachment 282633View attachment 282634

Hi, to clarify, malicious does not mean that malware is installed on your device once you click? It just means that site is not safe in general? (noob questions, sry)

 

[Practical Response]

Hi, to clarify, malicious does not mean that malware is installed on your device once you click? It just means that site is not safe in general? (noob questions, sry)

Its throwing a 404 already which means more then likely taken down, but I would run a scan to be on the safe side. It is being detected now by others.

 

[hellothere]

Its throwing a 404 already which means more then likely taken down, but I would run a scan to be on the safe side. It is being detected now by others.

View attachment 282636

Thank for the fast answer. Are malwarebytes and eset scans enough? They show zero things found. I'm just curious, if nothing was downloaded, browser data cleaned and reinstalled, from where else the threat might be coming? Or we're always leaving a possibility for 0-days?

 

[Practical Response]

Thank for the fast answer. Are malwarebytes and eset scans enough? They show zero things found. I'm just curious, if nothing was downloaded, browser data cleaned and reinstalled, from where else the threat might be coming? Or we're always leaving a possibility for 0-days?

Eset has very good signatures, and the fact that its throwing the 404 and I also ran it threw Hybrid analysis which deemed it as no specific threat I would state you are lucky and ok.

I state lucky as the Mitre Att&ck techniques detection report has 11 indicators that were mapped to 8 attack techniques and 5 tactics. Basically to sum that up, it had the ability to drop a payload onto a system.

In the future I would recommend not clicking first and checking the link via VirusTotal

 

[hellothere]

Eset has very good signatures, and the fact that its throwing the 404 and I also ran it threw Hybrid analysis which deemed it as no specific threat I would state you are lucky and ok.

I state lucky as the Mitre Att&ck techniques detection report has 11 indicators that were mapped to 8 attack techniques and 5 tactics. Basically to sum that up, it had the ability to drop a payload onto your system.

In the future I would recommend not clicking first and checking the link via VirusTotal

Wow, thanks. Is there any other device scan you would recommend me to do?

 

[Trident]

Websites like these come and go on hourly bases and the following practices will serve best at preventing their malice:

• Think whether you are expecting a package. Did you order something or did someone sent anything from abroad? If not, then ignore the SMS.
• If you are expecting a package, rarely will a carrier want anything from you. When they do (for example customs clearance), they will send a branded email that will include personal details as well as letter by post. Majority of times, package management and tracking is the merchant’s responsibility and not yours — you are responsible for a purchase only after receiving it.
• Does it even look legit? This info domain doesn’t resemble a carrier website at all.
• Consider deploying a block for newly-registered domains, there are loads of topics about NextDNS, ControlD and other services here that can do it, @Practical Response has deployed Suricata IPS with a NRD list. This is the best defence as a site like this wouldn’t last 30 days.

 

[Practical Response]

Websites like these come and go on hourly bases and the following practices will serve best at preventing their malice:

• Think whether you are expecting a package. Did you order something or did someone sent anything from abroad? If not, then ignore the SMS.
• If you are expecting a package, rarely will a carrier want anything from you. When they do (for example customs clearance), they will send a branded email that will include personal details as well as letter by post. Majority of times, package management and tracking is the merchant’s responsibility and not yours — you are responsible for a purchase only after receiving it.
• Does it even look legit? This info domain doesn’t resemble a carrier website at all.
• Consider deploying a block for newly-registered domains, there are loads of topics about NextDNS, ControlD and other services here that can do it, @Practical Response has deployed Suricata IPS with a NRD list. This is the best defence as a site like this wouldn’t last 30 days.

More detections now and yes, Suricata has alerts already for this and did when I first ran it earlier through Hybrid analysis.

 

[hellothere]

Hello everybody, thanks again for useful replies.
@Trident - I understand everything. It was impulsive click in the moment. I'm looking for some additional layers of protection and all of security apps require to allow them phone accessibility.
Again noob question, but is this a safe thing to do? With this access they gain full control of the device. I'm not scared so much for the malicious behavior of the security software company, but what if they're compromised and bad party gains access....or this is the last thing I should worry about and just install something that works?

Thank for the NextDNS/ControlD advice. I'm looking into it. Having anti-malware software implemented with DNS solution will offer extra protection?

 

[hellothere]

Hello everybody, sorry if I bother, I was just curious if anybody could leave any input on my question...or I need to post it in another subforum? Thank you all

 

[Practical Response]

Hello everybody, sorry if I bother, I was just curious if anybody could leave any input on my question...or I need to post it in another subforum? Thank you all

I think it would be in your best interest to read up on social engineering and how to avoid it. Learn verification and validation. This will negate most problems you will ever, and the key words here are "put yourself in". Android phones are as vulnerable as the user that operates it.