A phishing campaign targeting residents in Saudi Arabia impersonates Saudi Post (SPL) via SMS to steal personal information and credit card data through a fake “address correction” page. The attack uses realistic clones of the official SPL portal to harvest credentials and intercept one-time passwords (OTPs) for fraudulent transactions.
Threat Intel: This spoofed page was detected, analyzed, and contained firsthand by the Antiphishing.biz security team during our standard URL vetting operations. To protect the public, the phishing source domain has been safely deactivated within our infrastructure. We document and analyze these live visual patterns to help security researchers and users detect replica fraud techniques before financial damage occurs.
These phishing cases highlight attackers’ use of urgent, fake alerts to steal credentials and financial data through compromised “password reset,” billing, and parcel delivery scenarios. Key protections include ignoring unexpected links, verifying URLs against official domains, and using app-based 2FA to prevent account takeovers.
Recent phishing campaigns are exploiting trusted brands through urgent, fake security or billing notifications designed to harvest account credentials and financial data. Attackers are using real-time interception of 2FA codes and small, fake “delivery fees” to bypass security and steal sensitive personal information, including SSNs and CVVs. Always verify alerts directly through official apps rather than links in SMS or email messages.