Recently I've received SMS alerts regarding package delivery problems directing me to three different scam sites:
* completeshipingform.info (note the misspelling) * shipment-overview.info * shipmentsetback.info
The sites masquerade as Canada Post and are stealing people's names, addresses, phone numbers, birth dates, and credit card info. They are designed for mobile devices; if the user-agent indicates a desktop browser they redirect to Google. (One can get around this by installing an add-on to spoof the user-agent.)
I complained to NameSilo, the registrar. They told me they don't care what's running on the site they've registered.
I've filed multiple complaints with Alibaba Cloud, who are apparently hosting these sites. They've done nothing. A chat with customer support indicated they want to get "their side" of the story--that is, the customer who put up the site. This is extremely disingenuous on their part, as it's obvious the sites are scams and exist only to steal information.
I'm disappointed and frustrated at the lack of response to thieves and scammers openly operating on the web while the gatekeepers sit aside and do nothing.
Wonder if it would be worth reporting it to Canada Post, as the victims of the scam (at least in terms of identity theft, reputation, etc.)? They might have more clout in trying to get action than an individual complaint would.
Gilbert
On 2024-03-15 10:17 a.m., Brian Lowe wrote:
Recently I've received SMS alerts regarding package delivery problems directing me to three different scam sites:
- completeshipingform.info (note the misspelling)
- shipment-overview.info
- shipmentsetback.info
The sites masquerade as Canada Post and are stealing people's names, addresses, phone numbers, birth dates, and credit card info. They are designed for mobile devices; if the user-agent indicates a desktop browser they redirect to Google. (One can get around this by installing an add-on to spoof the user-agent.)
I complained to NameSilo, the registrar. They told me they don't care what's running on the site they've registered.
I've filed multiple complaints with Alibaba Cloud, who are apparently hosting these sites. They've done nothing. A chat with customer support indicated they want to get "their side" of the story--that is, the customer who put up the site. This is extremely disingenuous on their part, as it's obvious the sites are scams and exist only to steal information.
I'm disappointed and frustrated at the lack of response to thieves and scammers openly operating on the web while the gatekeepers sit aside and do nothing.
On Friday, March 15, 2024 12:26:23 P.M. CDT you wrote:
Wonder if it would be worth reporting it to Canada Post, as the victims of the scam (at least in terms of identity theft, reputation, etc.)? They might have more clout in trying to get action than an individual complaint would.
Unfortunately, there doesn't seem to be a place on the Canada Post web site to inform them of scam sites.
On 2024-03-15 Brian Lowe wrote:
Recently I've received SMS alerts regarding package delivery problems directing me to three different scam sites:
- completeshipingform.info (note the misspelling)
- shipment-overview.info
- shipmentsetback.info
Ya, I've seen an explosion in sms scams in the last few months. Packages, taxes/CRA, online account problems (e.g. Netflix). It's a bit shocking as I work with a company sending legit sms and it's a) really hard to get even legit things accepted by carriers, b) it's hard to get new 10DLC and TFN (phone numbers you send from) approved, and c) it costs money (per text).
The best advice I can offer at the moment is your sms reading program on the phone should let you long-click something to get a block number option. However, they bounce around numbers all the time, but at least you won't deal with the same one twice.
designed for mobile devices; if the user-agent indicates a desktop browser they redirect to Google. (One can get around this by installing an add-on to spoof the user-agent.)
That's interesting! If it's phishing, why do they care the platform? I wonder if it's attempts to exploit all the recent phone OS exploits, like the image overflow one?
Does the final site ask you for credentials or cards or anything (typical phishing)? Or does it look like it goes nowhere (maybe attempted CVE exploits).
I complained to NameSilo, the registrar. They told me they don't care what's running on the site they've registered.
Registrar doesn't have much to do with it... but...
I've filed multiple complaints with Alibaba Cloud, who are apparently
The web hoster should care. Of course, "Alibaba" hints this is a hoster in China? You won't get anywhere with them, don't even bother. Only a hoster in a reputable country will care, and even then...
People just need to assume everything they get in text/email is a lie/scam. I read some article the other day that said Canadians fall for this garbage to the tune of (I can't recall but somewhere around) hundreds of millions a year. The best us computer guys can do is instill this required sense of distrust in lay-people.
This is a case where (most) resistance is futile. I get 5-20 of these every day, and for several months already. It sounds like you're getting way less, and only more recently.
The good news is that these are terribly obvious scams to even just moderately astute observers, but the bad news is that some Canadians do fall for it. I'm also not surprised that the registrar(s) and the Web hosting site(s) you mentioned don't care.
Gilbert's suggestion of reporting this to Canada Post does have merit, as Canada Post is also a victim by being impostered. The problem is, we can't identify the culprit (who is often in another part of the world).
Trevor's suggestions are interesting, but "block numbers", "block e-mail addresses", "block Websites", etc, are all useless, as these crooks change numbers, e-mail addresses, and Websites several times a day. I discovered that several weeks ago when I pursued a particular number/address/site within a few hours of receiving the same texts/e-mails multiple times, and already, the numbers were "out of service", the e-mail addresses bounced, the sites were gone, and the domain names were suspended (so some registrars and hosts do act swiftly).
As for telephone numbers, they are usually false callerID (spoofing) in the first place, and the requested reply is a Web link. As a VoIP implementer and reseller myself, I've tested how easy it is to fake the callerID. When a friend or customer doubts this, I just call them back "from their own number". That settles it quickly (and freaks them out)!
Indeed, as per Trevor, a well-informed public is the best defense.
Hartmut
On Fri 15 Mar 2024 at 10:17:13 -05:00, Brian Lowe brian2@groupbcl.ca wrote:
Recently I've received SMS alerts regarding package delivery problems directing me to three different scam sites:
- completeshipingform.info (note the misspelling)
- shipment-overview.info
- shipmentsetback.info
The sites masquerade as Canada Post and are stealing people's names, addresses, phone numbers, birth dates, and credit card info. They are designed for mobile devices; if the user-agent indicates a desktop browser they redirect to Google. (One can get around this by installing an add-on to spoof the user-agent.)
I complained to NameSilo, the registrar. They told me they don't care what's running on the site they've registered.
I've filed multiple complaints with Alibaba Cloud, who are apparently hosting these sites. They've done nothing. A chat with customer support indicated they want to get "their side" of the story--that is, the customer who put up the site. This is extremely disingenuous on their part, as it's obvious the sites are scams and exist only to steal information.
I'm disappointed and frustrated at the lack of response to thieves and scammers openly operating on the web while the gatekeepers sit aside and do nothing.
Roundtable mailing list Roundtable@muug.ca https://muug.ca/mailman/listinfo/roundtable
-
Brian Lowe -
Gilbert Detillieux -
Hartmut W Sager -
Trevor Cordes