This screenshot shows a German‑language phishing page using a small fee (€1.99) as a pretext to steal full credit card details (card number, expiration date, CVV) under the guise of a “tax” to reschedule a delivery.
Threat Analysis: Delivery Fee Phishing – Card Harvesting
How it works:
The victim receives an SMS or email claiming a delivery requires a small tax payment. The link leads to this page, which asks for:
- Full name
- Card number
- Expiration date
- CVV
A fake order number is displayed to appear legitimate.
The goal:
The attacker captures full card details for fraudulent transactions.
Red flags:
- Suspicious URL: The page is hosted on a domain that is not an official courier site.
- Request for CVV: A legitimate delivery service never asks for your card security code for a small fee.
- Small fee trick: €1.99 is a trivial amount intended to lower suspicion.
- No personalization: No real tracking number or address is referenced.
What to do:
- Do not enter any card details.
- If you are expecting a delivery, track it directly on the official courier website.
- If you have already entered card details, contact your bank immediately.
Protective measures:
- Never click links in unsolicited delivery messages.
- Never pay a “redelivery fee” via a link.
- Enable transaction alerts on your bank account.