

Threat Analysis: Israeli Package Delivery Phishing – Small Fee & Card Harvesting
Step 1 – Fake Delivery Notice (First Screenshot)
The victim receives a message claiming a package is waiting. It includes a fake tracking number and states a small fee (ILS 6.21) is required to complete delivery. The text references EMS / ECO POST to appear legitimate.
Step 2 – Payment & Card Details Page (Second Screenshot)
The victim is directed to a page that asks for:
- Identity document number (תעודת זהות)
- Email address
- Full name
- Card number
- Expiration date
- CVV code
The button is labelled “Pay & Next.”
The goal:
The attacker collects:
- National ID number (for identity theft)
- Email address and full name
- Complete credit card details (number, expiry, CVV)
With these, they can make fraudulent purchases, clone the card, or commit identity theft.
Red flags:
- Suspicious URL: The page is hosted on a domain that is not an official postal service (EMS, Israel Post, etc.).
- Small fee trick: Scammers use a tiny amount (ILS 6.21) to make the payment seem trivial and lower suspicion.
- Request for national ID + card details together: A legitimate delivery service never asks for both.
- Unsolicited message: Postal services do not send links asking for payment via SMS or email.
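The message-side red flags above (unofficial link domain, courier branding, small fee) written as a triage check; this is an added example, not part of the original analysis. The allowlist, the ILS 20 threshold, the flag names and the sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: allowlist of official courier domains (only israelpost.co.il is named on the page).
OFFICIAL_DOMAINS = {"israelpost.co.il"}
SMALL_FEE_MAX = 20.0  # assumed cut-off (ILS) for a "trivial" fee
BRANDS = re.compile(r"\b(EMS|ECO\s?POST|Israel Post)\b", re.I)
URLS = re.compile(r"https?://[^\s<>\"']+", re.I)
FEES = re.compile(r"(?:ILS|NIS|₪)\s*(\d+(?:[.,]\d{1,2})?)"
                  r"|(\d+(?:[.,]\d{1,2})?)\s*(?:ILS|NIS|₪)", re.I)

def is_official(host):
    """Exact match or true subdomain only; 'israelpost.co.il.pay.example.test' fails."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def triage(message):
    """Return the list of red flags found in one SMS/email body."""
    flags = []
    # urlsplit().hostname ignores any 'user@' prefix used to disguise the real host
    hosts = [urlsplit(u).hostname or "" for u in URLS.findall(message)]
    unofficial = [h for h in hosts if not is_official(h)]
    if unofficial:
        flags.append("link_to_unofficial_domain")
        if BRANDS.search(message):
            flags.append("courier_brand_with_unofficial_link")
    fees = [float((a or b).replace(",", ".")) for a, b in FEES.findall(message)]
    if hosts and any(0 < f <= SMALL_FEE_MAX for f in fees):
        flags.append("small_fee_payment_via_link")
    return flags

# Constructed sample messages (not real campaign data; .test is a reserved TLD)
SAMPLES = {
    "fee_notice": "EMS / ECO POST: your package is waiting. Pay ILS 6.21 to "
                  "complete delivery: https://ems-delivery.example.test/t?id=AB123",
    "lookalike": "Pay 6.21 ILS at https://israelpost.co.il.pay.example.test/fee",
    "userinfo": "Parcel held: https://israelpost.co.il@pay.example.test/fee",
    "official": "Israel Post: item ready for pickup. https://www.israelpost.co.il/",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, triage(text))
```

The fourth red flag (national ID and card details requested together) concerns the landing page rather than the message, so it is outside what this check inspects.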
What to do if you encounter this:
- Do not click the link or enter any personal or card information.
- If you are expecting a package, track it directly by typing the official courier website (e.g., israelpost.co.il) into your browser.
- If you have already entered card details, contact your bank immediately to block the card.
Protective measures:
- Never click links in unsolicited delivery messages. Always go directly to the official courier website.
- Never pay a “redelivery fee” via a link. Legitimate fees are handled in person or through the official site after logging in.
- Enable two‑factor authentication on your bank account and email.
