FedEx phishing page in Slovak revealed

Posted byAnti-phishing Leave a comment on FedEx phishing page in Slovak revealed

A two-step classified ads/phishing scam targeting users in Slovakia. The scam combines fake branding from FedEx and Slovenská pošta (Posta.sk) with a fake payment confirmation page to steal credit card details.

FedEx & Posta.sk Phishing Scam – Fake “Funds Received” & Card Harvesting (Slovak Variant)

This phishing campaign targets sellers on Slovak classified platforms (such as Bazar.sk) by impersonating both FedEx and Slovenská pošta (Posta.sk) . The scam creates a fake “funds received” page and then pressures the seller to “link a card” to receive payment.

How it works:
The victim (a seller) receives a message from a potential buyer claiming they have paid for the item and that the payment is being held by a shipping service. The buyer sends a link to this fake FedEx/Posta.sk payment page. The scam also includes a fake chat support window to add credibility.

Step 1 – Fake FedEx & Posta.sk “Funds Received” Page (First Screenshot)
Step 2 – Credit Card Harvesting Page & Fake Chat Support (Second Screenshot)
After clicking the “Received” button, the victim is taken to this page.

The goal:
The attacker steals the victim’s credit card details. There is no actual payment of 50 €—the entire transaction is fabricated. The fake chat support window is designed to add legitimacy and answer any questions the victim might have, guiding them to complete the card form.

Red flags to watch for:

  • Illogical request for card details: To receive money (prijať platbu), you never need to enter your credit card details. Receiving funds typically requires providing a bank account number (IBAN) or using a payment service—not a credit card number, expiry date, and CVC.
  • Mixed branding: The page uses both FedEx and Posta.sk logos, which is unusual—these are separate companies. A legitimate transaction would not involve both.
  • Fake chat support: The chat window is not a live support feature but a scripted message designed to reassure victims. Legitimate shipping companies do not use embedded chat windows to walk users through payment receipt.
  • Suspicious URL: The pages are hosted on domains that are not fedex.com, posta.sk, or bazar.sk. Always check the address bar.
  • Reference to Bazar.sk: The chat message mentions Bazar.sk (a Slovak classified site), but the payment page is not on the Bazar.sk domain.
  • Poor grammar and formatting: The Slovak text contains some stylistic inconsistencies, and the “Secured by SSL and RSA-Protocol” badge is generic and not linked to a real security certificate.
  • No login required: Legitimate sales on Bazar.sk or payments via shipping companies do not require entering credit card details on a third-party page.

What to do if you encounter this:

  • Do not click “Prijal 50 €” or enter any credit card details.
  • Do not interact with the fake chat support or follow its instructions.
  • If you are selling items on Bazar.sk or similar platforms, always verify any sale by logging into your account directly—never click links sent by buyers.
  • If you have already entered your credit card details, contact your bank immediately to block the card and dispute any unauthorized charges.
  • Report the phishing page to Bazar.sk, FedEx, and Slovenská pošta.

Why this scam is effective:
This scam cleverly combines multiple trusted brands (FedEx, Posta.sk, Bazar.sk) to create a false sense of legitimacy. The fake chat support window is a particularly sophisticated touch—it mimics the “live chat” features common on e-commerce sites and provides a seemingly helpful explanation for why the card details are needed. The relatively low amount (50 €) makes the transaction feel plausible, and the 3-day deadline creates urgency.

Protective measures:

  • Always log into the platform (Bazar.sk, etc.) directly to check for sales—never rely on links in messages.
  • Never enter credit card details to receive payment. Receiving money requires your bank account or PayPal details, which are set once in your account settings, not entered per transaction.
  • Be suspicious of any page that asks for your full credit card details outside of a well-known, trusted payment provider.
  • If a buyer claims they have paid through a shipping company or escrow service, verify directly with the official website of that service using a URL you type yourself—never click links in messages.
  • Legitimate chat support will not ask you to enter card details in a separate form; they will guide you to the official website’s secure payment section.

Leave a comment

Your email address will not be published. Required fields are marked *