cross-posted from: https://lemdit.com/post/35084
Today I received this text message:
- Opening the URL from a desktop computer redirects to the real NZ Post website.
- Opening the URL from mobile shows a convincing spoofed NZ Post tracking page:
The objective of the scam is to get you to click on “Schedule a Redelivery” and give them your personal details:
They will use this information to contact you and attempt to scam money from you, as well as try any future scams they may come up with.
The combination of URL + believable phishing page makes this scam particularly easy to fall for. If you’re from NZ, then it’s a good idea to warn your friends and family about it.
I will report the domain but it usually takes a very long time for anything to be done in these cases.
Real NZ post will always show your package processing at East Tamaki for a week. How dumb do these scammers think we are!
I spent half an hour on the phone with nzpost just today, over a package that I had received a (legitimate) txt message to say my package was with the courier and expected to be delivered within (the next hour). I was home and waiting the entire time, including standing 10m from my letterbox at the moment the status was updated to “Delivery attempted, nobody home”. When I finally got through to a human, they said that on their system, it showed as having been given to the wrong courier route, and explained that the drivers have very limited options to select from as to why they were unable to deliver it.
They weren’t able to tell me where it actually was, but said it’s probably coming back to the depot, where it will be given to the correct courier tomorrow and they’ll try again.
It’s a very clumsy initial message, plus the domain name is obviously not correct. Those are major red flags but of course it will still fool some people.
I’ve heard it said that bad spelling and grammar is actually included in these scams intentionally, because it acts as a sort of filter to weed out the type of people who would casually notice it, and who are more likely to be skeptical of these sorts of things.
And that it’s sent from a cellphone number, that’s a dead giveaway too.
it will definitely fool some people.
These scams are wildly profitable. Too bad I am too ethical to get in on the action.
Been around for a couple of months now. Very believable. Family member was fooled. The actual amount taken is trivial, but the need to change your card is the real pain
Also, banks must be well aware of this as I know we reported it.