Threat Intel: This scam layout was intercepted, verified, and locked down firsthand by the Antiphishing.biz security team during our automated link scanning workflows. To protect the public, the phishing source domain has been completely disabled within our infrastructure. We document and analyze these live visual patterns to help security researchers and users recognize deceptive clone designs before financial damage occurs.

Threat Analysis: Emirates Post Phishing – Small Fee & Card Harvesting
How it works:
The victim receives an SMS, email, or messaging app alert claiming a package requires a small delivery fee or customs payment. The link leads to this page, which mimics the Emirates Post payment interface. The victim is asked to provide:
- Cardholder name
- Full card number
- Expiration date (MM/YY)
- CVV security code
Logos for Verified by Visa, MasterCard SecureCode, and PayPal are displayed to create a false sense of security. A small amount (AED 12.15) is shown to make the payment seem trivial.
The goal:
The attacker captures complete credit/debit card information (number, expiry, CVV) along with the cardholder’s name to make fraudulent purchases or sell the data.
Red flags to watch for:
- Suspicious URL: The page is hosted on kaeru.happyspotclub.org, not emiratespost.com or any official Emirates Post domain.
- Request for CVV: A legitimate postal service never asks for your card security code to collect a delivery fee.
- Small fee trick: AED 12.15 is a trivial amount intended to lower suspicion.
- No tracking or package reference: The victim cannot verify the supposed shipment.
- Copied payment logos: The Visa, MasterCard, and PayPal badges are used to appear legitimate but do not guarantee safety.
What to do if you encounter this:
- Do not enter any card or personal information.
- If you are expecting a delivery, track it directly by typing emiratespost.com into your browser.
- If you have already entered card details, contact your bank immediately to block the card.
- Report the phishing page to Emirates Post Group and to the relevant authorities.
Protective measures:
- Never click links in unsolicited delivery messages. Always go directly to the official courier website.
- Never pay a “redelivery fee” via a link. Legitimate fees are handled in person, through the official app, or after logging into your account.
- Check the URL carefully: Official Emirates Post domains end with emiratespost.com. Look for misspellings, extra words, or unusual top‑level domains.
- Enable transaction alerts on your bank account.
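
The URL check described above, as an added example that is not part of the original analysis: a Python function that accepts only emiratespost.com and its true subdomains, and flags links that merely contain the brand name. Apart from the kaeru.happyspotclub.org host taken from this page, the sample links are constructed, and the function and constant names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

OFFICIAL_DOMAIN = "emiratespost.com"  # official domain named on this page
BRAND = "emiratespost"                # brand token used for lookalike checks (assumption)


def classify_link(url: str) -> str:
    """Classify a delivery-message link as 'official', 'lookalike' or 'unrelated'."""
    url = url.strip()
    try:
        # Add "//" to bare hosts so urlsplit treats them as a network location.
        parts = urlsplit(url if "//" in url else "//" + url)
        host = (parts.hostname or "").rstrip(".")  # hostname is already lowercased
    except ValueError:
        return "unrelated"  # unparseable, so it is not the official site

    # Exact match or a true subdomain. The leading dot matters: a bare
    # endswith("emiratespost.com") would also accept "fake-emiratespost.com".
    if host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN):
        return "official"

    # The brand appearing anywhere else in the link (extra words, text before
    # "@", hyphenated spellings, path segments) indicates impersonation.
    squashed = url.lower().replace("-", "").replace(".", "")
    if BRAND in squashed:
        return "lookalike"
    return "unrelated"


# Constructed sample links, except the host reported on this page.
SAMPLES = [
    "https://www.emiratespost.com/track",
    "emiratespost.com",
    "http://kaeru.happyspotclub.org/",
    "https://emiratespost.com.example.org/fee",
    "https://fake-emiratespost.com/",
    "https://emiratespost.com@example.net/track",
    "https://emirates-post.example/pay",
]


def classify_samples() -> dict:
    """Return a mapping of each sample link to its verdict."""
    return {link: classify_link(link) for link in SAMPLES}


if __name__ == "__main__":
    for link, verdict in classify_samples().items():
        print(f"{verdict:10} {link}")
```

Both "lookalike" and "unrelated" mean the link is not an Emirates Post site; the split only shows whether the sender borrowed the brand name in the link itself.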
