Zawartość kursu
Introduction
0/2
What exactly is phishing
How do criminals operate?
Types of phishing
Depending on the communication channel through which the attack is conducted, we distinguish several specific forms of phishing, which demonstrates the continuous adaptation of cybercriminals to new technologies:
0/5
Phishing (Email Phishing)
Smishing (SMS Phishing) – Fraud hidden in SMS messages
Vishing (Voice Phishing) – voice phishing
Quishing (QR Code Phishing)
Spear Phishing
Why is phishing so dangerous?
0/3
Global Services
Use of emotions: positive emotions
Strategies based on negative emotions
Examples of phishing attacks
0/6
Phishing using email: „Tax refund” attack
Phishing using email: Alleged shipment attack
Smishing – scam using SMS
Quishing – an attack using QR Code
Vishing – voice attack
Spear phishing
Principles of protection against phishing
0/6
General rules to protect
Phishing via e-mail
Smishing – SMS Phishing
Vishing – voice phishing
Quishing
Spear phishing
Phishing – don’t fall for internet scammers!

Another, very common and unfortunately effective, example of phishing attacks are scams involving alleged courier or postal shipments. Criminals use the massive scale of logistics operations for this purpose. Recipients receive messages in their email inboxes or as SMS messages, informing them that „a package is waiting for them,” „the shipment has been held in the sorting facility,” or „the package could not be delivered due to an incorrect address.”

These messages usually intentionally provoke anxiety or curiosity. To find out the details about the alleged shipment—for example, to learn how to collect it, check the status, or correct the address—the victim must click on the provided link. This link, of course, leads to a fake website, deceptively resembling the site of a well-known courier or postal company. On this site, the user is asked to provide personal data, login details, and most often, payment card details or to make a symbolic „surcharge” (e.g., PLN 1.50) for re-sending or customs duties. After providing this information, money is stolen from the victim’s account.

You might ask yourself in this situation: how did the criminals know that I was waiting for a package right now? This is the key to understanding the effectiveness of this attack, and the answer is simpler than it seems. This is not a precise targeted attack, but a massive shot with a very high probability of hitting the mark.

As statistics indicate, for example, the report of the Polish Office of Electronic Communications, over 1 billion courier shipments were sent in Poland in 2023 (an increase of about 10% year-on-year). This means that every day, couriers deliver nearly 3 million packages to Polish homes and businesses.

From this simple calculation, it follows that statistically, one out of ten people on a given day will receive a package. What’s more, many more people are waiting for a shipment to arrive in the coming days, or have simply ordered something online recently. The probability of hitting a person who is actually expecting a delivery at a given moment is therefore extremely high.

Therefore, criminals do not need to know what package you are waiting for. They just need to send millions of messages—some of them will reach people who are currently in „delivery waiting mode” and are more likely to click carelessly. Think about how often you are waiting for a package, a registered letter, or another shipment? For most people, this is a frequent enough situation that they automatically consider the false message to be credible. The victim’s vigilance is lulled by the „coincidence” effect.

Source: https://blog.checkpoint.com/security/wheres-the-package-im-expecting-watch-out-for-shipping-and-delivery-related-phishing-emails-that-try-to-track-your-details/

Poprzedni
Dalej