cross-posted from: https://lemdit.com/post/35084
Today I received this text message:
- Opening the URL from a desktop computer redirects to the real NZ Post website.
- Opening the URL from mobile shows a convincing spoofed NZ Post tracking page:
The objective of the scam is to get you to click on “Schedule a Redelivery” and give them your personal details:
They will use this information to contact you and attempt to scam money from you, as well as try any future scams they may come up with.
The combination of URL + believable phishing page makes this scam particularly easy to fall for. If you’re from NZ, then it’s a good idea to warn your friends and family about it.
I will report the domain but it usually takes a very long time for anything to be done in these cases.
It’s a very clumsy initial message, plus the domain name is obviously not correct. Those are major red flags but of course it will still fool some people.
I’ve heard it said that bad spelling and grammar is actually included in these scams intentionally, because it acts as a sort of filter to weed out the type of people who would casually notice it, and who are more likely to be skeptical of these sorts of things.
it will definitely fool some people.
These scams are wildly profitable. Too bad I am too ethical to get in on the action.