SEUR delivery fake page detected

This screenshot shows a phishing page impersonating SEUR, a Spanish courier company. The scam asks the victim to enter an SMS code under the pretext of confirming a delivery or paying a small fee (€2.99). In reality, this code is likely a two‑factor authentication (2FA) code sent by the victim’s bank or card issuer – entering it gives the attacker full access to the victim’s financial account.

Threat Analysis: SEUR Phishing – SMS Code Harvesting (2FA Bypass)

How it works:
The victim receives an SMS or email claiming a package requires a small fee or delivery confirmation. The link leads to this page, which mimics SEUR’s interface. The victim is asked to enter an SMS code, often after having entered card details on a previous page (not shown here). The code is actually a 2FA code from the victim’s bank or card provider. By entering it, the victim allows the attacker to complete a fraudulent transaction or login.

The goal:
The attacker aims to:

  • Steal an SMS-based two‑factor authentication code
  • Use it together with previously stolen card or banking details to authorize unauthorized payments or account access

Red flags to watch for:

  • Suspicious URL: The page is hosted on a domain that is not seur.com.
  • SMS code request without context: SEUR does not ask for SMS codes in this manner for a delivery fee.
  • Small fee shown: €2.99 is a tiny amount intended to lower suspicion.
  • Copied branding: The page uses SEUR’s logo and navigation, but the underlying domain is fake.

What to do:

  • Do not enter any SMS code.
  • If you are expecting a SEUR delivery, track it directly by typing seur.com into your browser.
  • If you have already entered a code, contact your bank immediately – the attacker may have already used it to authorize a transaction.
  • Report the phishing page to SEUR and to the relevant authorities.

Protective measures:

  • Never enter an SMS code on a page you reached via a link. Legitimate services only ask for 2FA codes after you have initiated a login on their official site.
  • Always type the courier’s official URL directly.
  • Enable two‑factor authentication using an authenticator app instead of SMS where possible, to reduce this type of attack.

USPS fake page revealed

This screenshot shows a phishing page impersonating USPS (United States Postal Service) , using a small fee ($2.99) as a pretext to steal credit card details. The page claims the victim has been transferred to a “secure payment environment” and displays a Visa logo, but the actual card entry form is likely on a subsequent page or may have been omitted from the screenshot.

Threat Analysis: USPS Phishing – Small Fee & Card Harvesting

How it works:
The victim receives an SMS or email claiming a package requires a redelivery fee, customs payment, or address confirmation. The link leads to a fake USPS tracking page, then redirects to this “secure payment” page. The victim is asked to enter credit card details (full number, expiration, CVV) to pay the $2.99 fee.

The goal:
The attacker captures full credit/debit card information to make fraudulent purchases or sell the data.

Red flags to watch for:

  • Suspicious URL: The page is hosted on a domain that is not usps.com. Legitimate USPS payment pages are only on official domains.
  • Small fee trick: $2.99 is a trivial amount designed to lower suspicion.
  • Fake “secure payment environment” claim: Real USPS payments are integrated into the official site, not presented on a generic page like this.
  • No tracking number or personalized information: The page lacks any details that would tie it to an actual package.

What to do if you encounter this:

  • Do not enter any card details.
  • If you are expecting a USPS delivery, track it directly by typing usps.com into your browser.
  • If you have already entered card details, contact your bank immediately to block the card.
  • Report the phishing page to USPS (e.g., via their official fraud reporting page).

Protective measures:

  • Never click links in unsolicited delivery messages. Always go directly to the official courier website.
  • Never pay a “redelivery fee” via a link. Legitimate fees are collected through the official site after logging in or upon delivery.
  • Enable transaction alerts on your bank account to catch unauthorized charges early.

SPL Post fake page in Arabic detected

This screenshot shows a phishing page impersonating Saudi Post (SPL – البريد السعودي سبل) , targeting Arabic‑speaking users in Saudi Arabia. The scam asks for a small fee (4.98 SAR) as a pretext to collect full name, phone number, and complete credit/debit card details.

Threat Analysis: Saudi Post Phishing – Small Fee & Card Harvesting

How it works:
The victim receives an SMS or email claiming a package requires a delivery fee, customs payment, or address confirmation. The link leads to this page, which mimics the Saudi Post payment interface. The victim is asked to provide:

  • Full name
  • Phone number
  • Card number
  • Expiration date
  • CVV

The small amount (4.98 SAR) is intended to lower suspicion.

The goal:
The attacker captures full credit/debit card information (number, expiry, CVV) along with personal details (name, phone) to make fraudulent purchases, clone the card, or sell the information.

Red flags to watch for:

  • Suspicious URL: The page is hosted on a domain that is not sp.post.gov.sa or any official Saudi Post domain.
  • Request for CVV for a small fee: Legitimate postal services do not ask for your card security code to collect a delivery fee.
  • Small fee trick: A trivial amount (4.98 SAR) is used to make the payment seem insignificant.
  • No tracking number or personalization: The page does not reference a specific package or tracking number that the victim can verify independently.
  • Fake payment branding: Logos for Visa, mada, and Mastercard are displayed to appear legitimate, but they are simply copied.

What to do if you encounter this:

  • Do not enter any personal or card information.
  • If you are expecting a package from Saudi Post, track it directly by typing sp.post.gov.sa into your browser.
  • If you have already entered card details, contact your bank immediately to block the card and dispute any unauthorized charges.
  • Report the phishing page to Saudi Post and to the relevant authorities.

Protective measures:

  • Never click links in unsolicited delivery messages. Always go directly to the official courier website.
  • Never pay a “redelivery fee” via a link. Legitimate fees are collected in person, through the official app, or after logging into your account on the official site.
  • Check the URL carefully: Look for misspellings, extra words, or unusual top‑level domains.
  • Enable two‑factor authentication on your bank account and email.

La Poste fake page in French detected

These two screenshots show a two‑step phishing campaign impersonating La Poste (the French postal service). The scam uses a small fee (€3.00) as a pretext to harvest personal information and full credit card details.

Threat Analysis: La Poste Phishing – Personal Info & Card Harvesting

Step 1 – Personal Information Page (First Screenshot)
The victim is asked to provide:

  • First name, last name
  • Email address
  • Street address, city, postal code
  • Phone number

A total of €3.00 is displayed, and logos for Visa, PayPal, and “secured payment” are shown to appear legitimate.

Step 2 – Card Details Page (Second Screenshot)
After submitting personal information, the victim is taken to a page asking for:

  • Full card number
  • Expiration date (MM/YY)
  • CVV

A “Valider et payer” (validate and pay) button submits the data.

The goal:
The attacker collects:

  • Personal identity details (name, address, email, phone) for identity theft
  • Full credit/debit card information (number, expiry, CVV) for fraudulent purchases

Red flags to watch for:

  • Suspicious URL: The pages are hosted on a domain that is not laposte.fr. Legitimate La Poste services use official domains.
  • Small fee trick: €3.00 is a trivial amount meant to lower suspicion.
  • No tracking or package reference: The victim is not given any tracking number or shipment details to verify.
  • Request for CVV: A legitimate postal service does not ask for your card security code to collect a small fee.
  • Copied branding: The pages use La Poste’s logo, slogans (“Livraison gratuite,” “Proche de vous”), and payment icons, but these are copied from the real site.

What to do if you encounter this:

  • Do not enter any personal or card information.
  • If you are expecting a delivery, track it directly by typing laposte.fr into your browser.
  • If you have already entered card details, contact your bank immediately to block the card.
  • Report the phishing page to La Poste’s fraud team.

Protective measures:

  • Never click links in unsolicited delivery messages. Always go directly to the official courier website.
  • Never pay a “redelivery fee” via a link. Legitimate fees are collected through the official site after logging in or upon delivery.
  • Check the URL carefully: Legitimate La Poste domains end with laposte.fr. Look for misspellings, extra words, or unusual top‑level domains.
  • Enable transaction alerts on your bank account to catch unauthorized charges early.

Aramex delivery fake tracking page in Arabic revealed

This screenshot shows a phishing page impersonating a delivery service (likely Saudi Post or a local courier), targeting Arabic‑speaking users. It uses a small fee (6 SAR) as a pretext to collect full name, full card details, and CVV.

Threat Analysis: Delivery Service Phishing – Small Fee & Card Harvesting

How it works:
The victim receives an SMS or email claiming a package requires a shipping fee. The link leads to this page, which displays:

  • A fake tracking number
  • A small amount (6 SAR)
  • Fields for full name, card number, expiration date, and CVV

The goal:
The attacker captures full credit/debit card information (number, expiry, CVV) along with the victim’s name, enabling fraudulent transactions.

Red flags:

  • Suspicious URL: The page is hosted on a domain that is not the official courier’s website.
  • Request for CVV for a small shipping fee: Legitimate couriers do not ask for your card security code to collect a delivery fee.
  • Small fee trick: 6 SAR is a trivial amount intended to lower suspicion.
  • Fake tracking number: The tracking number cannot be verified on the official postal website.
  • No personalization: The message does not reference an actual package or address.

What to do:

  • Do not enter any personal or card information.
  • If you are expecting a delivery, track it directly on the official courier website using your real tracking number.
  • If you have already entered card details, contact your bank immediately to block the card.

Protective measures:

  • Never click links in unsolicited delivery messages. Always go directly to the official courier site.
  • Never pay a “redelivery fee” via a link. Legitimate fees are handled through official portals or in person.
  • Enable transaction alerts on your bank account.

Fake DHL page in German detected

This screenshot shows a German‑language phishing page using a small fee (€1.99) as a pretext to steal full credit card details (card number, expiration date, CVV) under the guise of a “tax” to reschedule a delivery.

Threat Analysis: Delivery Fee Phishing – Card Harvesting

How it works:
The victim receives an SMS or email claiming a delivery requires a small tax payment. The link leads to this page, which asks for:

  • Full name
  • Card number
  • Expiration date
  • CVV

A fake order number is displayed to appear legitimate.

The goal:
The attacker captures full card details for fraudulent transactions.

Red flags:

  • Suspicious URL: The page is hosted on a domain that is not an official courier site.
  • Request for CVV: A legitimate delivery service never asks for your card security code for a small fee.
  • Small fee trick: €1.99 is a trivial amount intended to lower suspicion.
  • No personalization: No real tracking number or address is referenced.

What to do:

  • Do not enter any card details.
  • If you are expecting a delivery, track it directly on the official courier website.
  • If you have already entered card details, contact your bank immediately.

Protective measures:

  • Never click links in unsolicited delivery messages.
  • Never pay a “redelivery fee” via a link.
  • Enable transaction alerts on your bank account.

Fake Ceska Posta page in Czech detected

This screenshot shows a phishing page impersonating Česká pošta (Czech Post) , targeting Czech‑speaking users. The scam uses a small delivery fee (38 CZK) as a pretext to harvest personal information and full credit card details.

Threat Analysis: Česká Pošta Phishing – Personal Info & Card Harvesting

How it works:
The victim receives an SMS, email, or messaging app alert claiming a package requires a small delivery fee to be released. The link leads to this page, which mimics the official Česká pošta interface. The victim is asked to provide:

  • Personal details: first name, surname, street address, city, postal code, phone number
  • Payment details: cardholder name, full card number, expiration date (MM/YYYY), CVV

A fake tracking number and a total of 38 CZK are displayed to make the request appear legitimate.

The goal:
The attacker collects:

  • Personal identity information (name, address, phone) for identity theft or further scams
  • Full credit/debit card details (number, expiry, CVV) to make fraudulent purchases or sell the data

Red flags to watch for:

  • Suspicious URL: The page is hosted on a domain that is not ceskaposta.cz. Legitimate Czech Post services use only official domains.
  • Request for CVV for a small fee: A legitimate postal service never asks for your card security code to collect a delivery fee.
  • Small fee trick: 38 CZK is a trivial amount intended to lower suspicion.
  • Fake tracking number: The tracking code cannot be verified on the official Česká pošta website.
  • No personalization: The page does not reference a genuine package or address the victim by name.
  • Copied branding: The page uses the Česká pošta logo and layout, but these are copied from the real site.

What to do if you encounter this:

  • Do not enter any personal or card information.
  • If you are expecting a package, track it directly by typing ceskaposta.cz into your browser and using your real tracking number.
  • If you have already entered card details, contact your bank immediately to block the card and dispute any unauthorized charges.
  • Report the phishing page to Česká pošta and to the relevant authorities.

Protective measures:

  • Never click links in unsolicited delivery messages. Always go directly to the official courier website.
  • Never pay a “redelivery fee” via a link. Legitimate fees are handled in person, through the official app, or after logging into your account on the official site.
  • Check the URL carefully: Legitimate Česká pošta domains end with ceskaposta.cz. Look for misspellings, extra words, or unusual top‑level domains.
  • Enable transaction alerts on your bank account to catch unauthorized charges early.

Israel Post fake page in Hebrew detected

Thank you for the clarification. The two screenshots are indeed Hebrew‑language phishing pages impersonating a local courier or postal service (likely Israel Post or a similar carrier). The text appeared garbled in the automatic fetch, but the layout matches the classic two‑step delivery scam.

Threat Analysis: Hebrew Delivery Phishing – Personal Info & Card Harvesting

Step 1 – Personal Information Page
The victim is asked to provide:

  • Full name
  • Address, city, postal code
  • Phone number

Step 2 – Card Details Page
The second page requests:

  • Cardholder name
  • Full card number
  • Expiration date (MM/YY)
  • CVV security code

A small delivery fee is displayed (typically a few shekels) to make the payment seem trivial and urgent.

The goal:
The attacker collects:

  • Personal identity details for future fraud or identity theft
  • Full credit/debit card information to make unauthorized purchases or sell the data

Red flags:

  • Suspicious URL: The page is hosted on a domain that is not the official postal service website.
  • Request for CVV: A legitimate courier never asks for your card security code to collect a delivery fee.
  • Small fee trick: A negligible amount is used to lower suspicion.
  • No trackable package reference: The victim cannot verify the supposed shipment.

What to do:

  • Do not enter any personal or card information.
  • If you are expecting a delivery, track it directly by typing the official courier URL into your browser.
  • If you have already entered card details, contact your bank immediately to block the card.

Protective measures:

  • Never click links in unsolicited delivery messages.
  • Always go directly to the official courier website.
  • Enable transaction alerts on your bank account.

Magyar Posta fake page in Hungarian detected

This screenshot shows a Hungarian‑language phishing page impersonating a courier service (likely Magyar Posta or a similar carrier). The scam uses a small delivery fee (362.74 HUF) as a pretext to collect full credit card details and personal address information.

Threat Analysis: Hungarian Delivery Phishing – Card & Personal Data Harvesting

How it works:
The victim receives an SMS or email claiming a package requires a forwarding or service fee. The link leads to this page, which asks for:

  • Full card number, expiration date, CVV
  • Full name
  • Street address, city, postal code

A fake tracking number and a small amount (362.74 HUF) are displayed to make the request appear legitimate.

The goal:
The attacker captures:

  • Full credit/debit card details for fraudulent transactions
  • Personal identity information (name, address) for identity theft

Red flags:

  • Suspicious URL: The page is not on the official courier’s domain.
  • Request for CVV: Legitimate postal services never ask for your card security code for a delivery fee.
  • Small fee trick: A trivial amount lowers suspicion.
  • No trackable package reference: The victim cannot verify the supposed shipment.

What to do:

  • Do not enter any personal or card information.
  • Track packages directly by typing the official courier’s URL into your browser.
  • If you have already entered card details, contact your bank immediately.

Protective measures:

  • Never click links in unsolicited delivery messages.
  • Always go directly to the official courier website.
  • Enable transaction alerts on your bank account.

MobilePay fake page in Danish detected

These two screenshots show a Danish‑language phishing campaign impersonating MobilePay, a popular mobile payment service in Denmark. The scam threatens account suspension and demands that the victim provide their phone number, full card details, and CVV under the pretext of “updating” the account.

Threat Analysis: MobilePay Phishing – Account Suspension Threat & Card Harvesting

How it works:
The victim receives an SMS, email, or message claiming that their MobilePay account will soon be blocked. To prevent this, they must “confirm” their information by clicking a link that leads to one of these pages.

The pages ask for:

  • Phone number (linked to the MobilePay account)
  • Card number
  • Expiration date (MM/ÅÅ)
  • CVV (the three‑digit security code on the back of the card)

A “unique user ID” is displayed to make the page appear personalized, but it is the same static number on all pages.

The goal:
The attacker collects:

  • The victim’s phone number (used for SIM‑swapping or further fraud)
  • Full credit/debit card details (number, expiry, CVV) to make unauthorized purchases or clone the card

Red flags to watch for:

  • Suspicious URL: The page is hosted on a domain that is not mobilepay.dk. Legitimate MobilePay services are accessed through the official app or website.
  • Threat of account closure: MobilePay does not send unsolicited links threatening to block accounts.
  • Request for CVV: MobilePay never asks for your card security code to “update” or “verify” your account.
  • Static “unique” ID: The displayed ID (1008796817) is identical on both pages – a clear sign of a phishing template.
  • Poor Danish phrasing: The text contains minor grammatical inconsistencies that would not appear in official communications.
  • Unsolicited action required: Any legitimate request to update payment information would happen within the app or after logging in, not via a link.

What to do if you encounter this:

  • Do not enter your phone number, card details, or CVV.
  • If you are a MobilePay user, always open the official app to check for any notifications or account issues.
  • If you have already entered card details, contact your bank immediately to block the card.
  • Report the phishing page to MobilePay’s fraud team.

Protective measures:

  • Never click links in unsolicited messages threatening account closure.
  • Always use the official MobilePay app to manage your account.
  • Never provide your card’s CVV outside of a trusted, direct purchase environment.
  • Enable two‑factor authentication on your bank and email accounts.