Threat actors have found continuous success using package delivery services as SMS phishing lures since the start of the COVID-19 pandemic and package delivery phishing attacks are the number one harvester of credit cards that WMC Global is currently seeing. Scammers now gravitate towards any new courier as a lure because of the sheer effectiveness of the campaigns. These lures are often used to perform call back scams but consumers get wise to the same attack content, resulting in threat actors needing to diversify and increase their portfolio of campaigns. Introducing Evri, the latest UK courier company to be heavily targeted and brand abused for credential phishing attacks. 

Over the last two years, threat actors have found many lucrative ways to exploit pandemic-induced lifestyle changes and financial strain by creating scams using package delivery services as well as unemployment payments, grants, and vaccine passports as lures. As the world begins to adjust to life beyond Covid-19, threat actors are creating new lures, while still focusing on consumer behavior driven by the pandemic.  

This blog is released in partnership with Mobile Ecosystem Forum (MEF), of which WMC Global is a proud member.

Throughout the early months of the COVID-19 pandemic, when companies and consumers were forced to adapt to remote working arrangements and adopt digital interactions with family and friends to stay connected, PhishFeed witnessed a stark rise in phishing attacks, particularly in attacks configured to show only on mobile devices. Since January 2020, PhishFeed has collected tens of thousands of phishing URLs and kits, many of which were branded with COVID-themed domains, URLs, or attack content by the responsible threat actors, as seen in Figure 1.