SEUR delivery fake page detected

Posted byAnti-phishing Leave a comment on SEUR delivery fake page detected

Threat Intel: This scam layout was detected, analyzed, and contained firsthand by the Antiphishing.biz security team during our automated link scanning workflows. To protect the public, the phishing source domain has been fully defanged within our infrastructure. We document and analyze these live visual patterns to help security researchers and users recognize deceptive clone designs before financial damage occurs.

Actual screenshot of "SEUR delivery fake page detected" phishing interface captured during link moderation on our platform.
Figure 1: Actual screenshot of the active phishing operation intercepted by our security systems.

This screenshot shows a phishing page impersonating SEUR, a Spanish courier company. The scam asks the victim to enter an SMS code under the pretext of confirming a delivery or paying a small fee (€2.99). In reality, this code is likely a two‑factor authentication (2FA) code sent by the victim’s bank or card issuer – entering it gives the attacker full access to the victim’s financial account.

Threat Analysis: SEUR Phishing – SMS Code Harvesting (2FA Bypass)

How it works:
The victim receives an SMS or email claiming a package requires a small fee or delivery confirmation. The link leads to this page, which mimics SEUR’s interface. The victim is asked to enter an SMS code, often after having entered card details on a previous page (not shown here). The code is actually a 2FA code from the victim’s bank or card provider. By entering it, the victim allows the attacker to complete a fraudulent transaction or login.

The goal:
The attacker aims to:

  • Steal an SMS-based two‑factor authentication code
  • Use it together with previously stolen card or banking details to authorize unauthorized payments or account access

Red flags to watch for:

  • Suspicious URL: The page is hosted on a domain that is not seur.com.
  • SMS code request without context: SEUR does not ask for SMS codes in this manner for a delivery fee.
  • Small fee shown: €2.99 is a tiny amount intended to lower suspicion.
  • Copied branding: The page uses SEUR’s logo and navigation, but the underlying domain is fake.

What to do:

  • Do not enter any SMS code.
  • If you are expecting a SEUR delivery, track it directly by typing seur.com into your browser.
  • If you have already entered a code, contact your bank immediately – the attacker may have already used it to authorize a transaction.
  • Report the phishing page to SEUR and to the relevant authorities.

Protective measures:

  • Never enter an SMS code on a page you reached via a link. Legitimate services only ask for 2FA codes after you have initiated a login on their official site.
  • Always type the courier’s official URL directly.
  • Enable two‑factor authentication using an authenticator app instead of SMS where possible, to reduce this type of attack.

Leave a comment

Your email address will not be published. Required fields are marked *