UPS phishing page revealed

A high-level UPS phishing scam where attackers use fake “address correction” messages to steal credit card data and 3D-Secure codes. This logistics-based threat exploits urgent SMS or email notifications to lure victims to a fraudulent site designed to harvest personal information and payment details, often by requesting a nominal re-delivery fee.

Cybersecurity Measures: How to Avoid UPS “Delivery Fee” Phishing

To protect your financial data and personal information from international shipping scams, follow these essential safety rules:

1. The “Small Fee” Red Flag (Micro-payments)

Phishing sites often claim that a tiny amount (e.g., $1.99 or 2.00€) is required for “customs clearance” or “redelivery.”

  • Action: This is a psychological trick. Legitimate shipping companies like UPS do not request such payments via SMS links. If a site asks for your CVV code (the 3 digits on the back of your card) to pay a minimal fee, it is 100% a scam designed to harvest your full credit card credentials.

2. Verify the Official Domain (The URL Rule)

Scammers use deceptive URLs that look official at first glance (e.g., ups-package-check.com, tracking-ups-verify.net, ups-redelivery-service.xyz).

  • Action: The only official website for UPS is ://ups.com. Before entering any details, ensure the address bar shows exactly this domain. Any variation, even with “ups” in the name, is fraudulent.

3. Ignore “Action Required” SMS/Email Links

Scammers send “Smishing” (SMS phishing) messages claiming: “Your package is held at our hub due to a missing house number. Please update your details here.”

  • Action: UPS never sends unsolicited text messages asking for personal or payment information in exchange for package delivery. If you receive such a text, do not click the link.

4. Use the Official UPS Tracking Tool

If you are genuinely expecting a shipment, verify its status through secure, official channels only.

  • Action: Go to ://ups.com manually and enter your tracking number directly, or use the official UPS Mobile app. If there is a real issue with your address or a pending fee, it will be clearly flagged there without needing to follow a suspicious link.

5. Look for “Urgent” Countdown Tactics

Phishing pages often feature timers or warnings like “Your package will be returned to sender in 12 hours” to force you into making a mistake.

  • Action: Stay calm. Check the sender’s email address or phone number. If the email comes from a public domain (like @gmail.com or @outlook.com) or the phone number is a standard 10-digit mobile line, it is a scam.

6. Report the Fraud

Reporting helps prevent others from falling victim to the same infrastructure.

  • Action: You can report UPS-themed phishing by forwarding the fraudulent email to [email protected] or by using your phone’s “Report Junk” feature for SMS messages.

Netflix phishing page detected in Montreal

Netflix “Account On Hold” Phishing

Target: Netflix Subscribers Worldwide (Detected in Montreal/Canada)
Threat Level: High (Credit Card Skimming & Account Hijacking)

Security Measures to Stay Safe:

  • 1. Verify the Official Domain (The “.com” Rule):
    Official Netflix pages always reside on netflix.com. Phishing sites use deceptive lookalike addresses like netflix-payments.online, update-netflix-account.net, mon-compte-netflix.fr, or free subdomains like netflix.web.app. Always check the address bar manually.
  • 2. Netflix Never Asks for Card Details via SMS/Email Links:
    If there is a real problem with your billing, Netflix will notify you inside the official app or on the website after you log in safely. They will never send a link to a form asking for your credit card number, CVV, and expiration date directly in an email or text message.
  • 3. The “Manual Entry” Policy:
    If you receive an alert saying “Your account is on hold” or “Update your payment method,” do not click the link. Instead, open a new browser tab, manually type ://netflix.com, and log in. If there is a real issue, you will see a banner at the top of your profile.
  • 4. Check for “Urgent” Pressure Tactics:
    Scammers use alarming language like “Your subscription will be cancelled in 24 hours” to make you panic. This is a clear red flag. Legitimate services usually give you several days or grace periods to resolve billing issues.
  • 5. Inspect the Sender’s Address:
    Official Netflix emails always come from @netflix.com. Be wary of senders with random domains, misspelled names (e.g., [email protected]), or generic addresses.
  • 6. Use a Password Manager:
    Tools like Bitwarden or 1Password recognize sites by their exact URL. If you are on a fake Netflix site, your password manager will not offer to auto-fill your login. This is your best technical warning that the site is a fraud.

New preparation for Credit Agricole phishing revealed

An analysis of a phishing campaign targeting Crédit Agricole customers reveals attackers preparing fraudulent infrastructure to intercept “SécuriPass” multi-factor authentication. The pre-emptive case study shows attackers setting up fake login pages designed to harvest account numbers and PINs to bypass security measures. The report highlights crucial indicators of compromise, including suspicious non-official domains and unsolicited “urgent” security alerts.

Screenshot #1 (Identifiant): This page captures the 11-digit account number, validating the victim’s customer status in real-time.

Screenshot #2 (Code Personnel): A fake virtual keypad captures password digits via keylogging, mimicking bank security.

Screenshot #3 (Processing Screen): The “wait” screen allows attackers time to use stolen credentials for unauthorized access on the real banking site.

A “staging” phishing attack against Crédit Agricole, allowing for early detection of infrastructure designed to capture account IDs and 6-digit codes via a cloned virtual keypad and real-time interception. The phishing campaign utilizes a fake login screen (“Identifiant”) and a deceptive loading screen to log credentials and facilitate a Man-in-the-Middle attack.


Protection Measures:

  • Verify that the URL is exactly www.credit-agricole.fr.
  • Never log in via links in emails or SMS.
  • Reject unexpected SécuriPass notifications.
  • Use the official “Ma Banque” mobile app.

Preparation for Amazon phishing detected in Bandung, Indonesia

A sophisticated Amazon phishing kit originating from Bandung, Indonesia, and linked to the “Indonesian Cyber Army” targets customers with fake Prime subscription or security alerts. The attack harvests credentials and financial information by directing users to a high-fidelity replica of the login page. To protect against such scams, consumers should verify alerts directly through the Amazon app or website.

To avoid phishing scams targeting Amazon accounts, always manually enter “amazon.com” in the browser and verify that communications appear in the official “Message Center” within the user’s account dashboard. Crucial defenses include enabling two-step verification, checking the sender’s actual email address for a “@amazon.com” domain, and using a password manager to detect fake, lookalike URLs.

Fake Microsoft Office 2021 Professional Plus revealed

This screenshot shows a fraudulent online store (instantdigi.com) selling what appears to be an extremely discounted copy of Microsoft Office Professional Plus 2021. The price is marked down from $49.99 to $9.99 – a clear red flag for a scam or counterfeit software operation.

Threat Analysis: Fake Software Store – Counterfeit or Non‑Delivery Scam

How it works:
The victim encounters this site via an ad, search result, or social media link. The page mimics a legitimate e‑commerce store, complete with product descriptions, categories, and a fake discount (“80% OFF”). The victim is tempted to buy a genuine Microsoft Office key for $9.99. After payment, one of three things happens:

  1. No product delivered – the victim receives nothing, and their payment information is stolen.
  2. Fake / already‑used key – the victim receives a key that is invalid, blocked, or previously activated.
  3. Credential harvesting – the checkout page may ask for personal and payment details, which are captured by attackers.

The goal:
The attacker aims to:

  • Steal credit card details entered during checkout
  • Collect personal information (name, address, email) for identity theft or future scams
  • Receive direct payment for a product that is never delivered or is counterfeit

Red flags to watch for:

  • Too‑good‑to‑be‑true price: A genuine Microsoft Office Professional Plus 2021 key typically costs $100–$250. $9.99 is impossible for a legitimate license.
  • Suspicious domain: instantdigi.com is not an authorized Microsoft reseller. Official Microsoft products are sold through Microsoft.com or trusted retailers (Amazon, Best Buy, etc.).
  • Generic design and inflated discount: The “80% OFF” and “0 reviews” are common tactics to pressure impulse buying.
  • No clear company information: Legitimate stores provide verifiable contact details, return policies, and business registration. This site lacks transparency.

What to do if you encounter this:

  • Do not purchase anything or enter any payment information.
  • If you have already entered card details, contact your bank immediately to block the card and dispute any unauthorized charges.
  • Only buy software directly from the official Microsoft website or from authorized, well‑known retailers.

Protective measures:

  • Remember: if the price is drastically lower than market value, it is almost certainly a scam.
  • Check the domain – authorized Microsoft partners are listed on Microsoft’s website.
  • Use a credit card with fraud protection for online purchases, and monitor statements regularly.
  • Read reviews – search for the store name + “scam” before buying.

Fake Microsoft Windows 11 detected

Fake Windows 11 upgrade scams use malicious search engine ads and fraudulent websites to impersonate the official Microsoft Download Center. These sites distribute infostealers like RedLine Stealer or steal Microsoft account credentials through fake login prompts. Users are advised to only update Windows via the built-in system settings and to verify that all download domains are strictly “microsoft.com”.

This screenshot shows another page from the same fraudulent online store (instantdigi.com), this time offering Microsoft Windows 11 Professional at an 85% discount – from $39.99 down to $5.99. This is a clear scam, either selling counterfeit or non‑functional license keys, or simply stealing payment information without delivering anything.

Threat Analysis: Fake Software Store – Counterfeit Windows License Scam

How it works:
The victim sees an ad or search result for an incredibly cheap Windows 11 Pro license. The page mimics a legitimate e‑commerce store. The victim is tempted to buy a “genuine” license key for $5.99. After payment, the attacker either:

  • Provides a fake, already‑used, or blocked key
  • Delivers nothing at all
  • Steals the credit card details entered during checkout

The goal:
The attacker aims to:

  • Steal credit card information for fraudulent transactions
  • Collect personal data (name, address, email) for identity theft
  • Receive direct payment for a worthless or non‑existent product

Red flags to watch for:

  • Too‑good‑to‑be‑true price: A legitimate Windows 11 Pro license costs $100–$200. $5.99 is impossible for a genuine retail key.
  • Suspicious domain: instantdigi.com is not an authorized Microsoft reseller. Microsoft sells licenses directly or through trusted partners (Amazon, Best Buy, Newegg, etc.).
  • 85% discount + “0 reviews”: The extreme discount and lack of genuine customer feedback are common pressure tactics.
  • Same fraudulent site as previous example: The identical layout, “INSTANT DIGI” branding, and unrealistic pricing confirm it is part of the same scam operation.

What to do if you encounter this:

  • Do not purchase anything or enter any payment information.
  • If you have already entered card details, contact your bank immediately to block the card and dispute any unauthorized charges.
  • Always buy software licenses directly from Microsoft or authorized retailers.

Protective measures:

  • If the price seems too good to be true, it is a scam.
  • Verify the domain – Microsoft’s official store is microsoft.com, not random third‑party sites.
  • Use a credit card with fraud protection and monitor your statements.
  • Search for “[store name] scam” before buying from an unfamiliar site.

Fake Walmart gift card

The fake Walmart gift card scam utilizes a survey-based phishing method to steal personal identification data and credit card information. This scheme lures victims with the promise of a $1000 gift card, ultimately using a fake “shipping fee” to harvest credit card CVV details for financial skimming.

These multiple screenshots show a classic “Walmart Gift Card Giveaway” scam, combined with a fake “online test” and “human verification” loop. The entire flow is designed to trick victims into completing surveys, providing personal information, or signing up for paid offers – with no gift card ever being delivered.

Threat Analysis: Walmart Gift Card Giveaway Scam – Survey / Lead Generation Fraud

How the scam works:

  1. The Lure (Screenshots with Walmart gift cards)
    The victim sees an ad or receives a link promising a free Walmart gift card ($25, $50, or $100). The page displays images of gift cards with “DIGITAL CODE” labels.
  2. The “Choose Value” Page
    The victim is asked to select a gift card value ($25, $50, or $100). This creates a sense of choice and personalization.
  3. Fake “Connecting – Generating – Completed” Progress
    A loading animation simulates a “generator” process, showing fake progress bars and messages like “Closing service handle…”
  4. Anti‑Bot / Human Verification
    The victim is told they need to complete a “human verification” to prove they are not a bot. A fake verification code is displayed.
  5. “Take a FREE Survey to Become a Millionaire”
    The victim is redirected to a page claiming they need to complete a survey or offer to unlock the gift card. This is the actual money‑making step for the scammers (affiliate fraud).
  6. Fake Online Test (Multiple pages with questions)
    The victim is taken through a series of questions about age, income, employment, financial goals, investment experience, etc. These questions are designed to profile the victim for targeted offers.
  7. “Excellent” Test Result & Redirect
    After answering all questions, the victim is told they scored “EXCELLENT” and can earn “MUCH MORE THAN $5,000 daily.” They are then redirected to paid offers, subscription traps, or data harvesting forms.

The goal:
The attacker earns money through:

  • Affiliate commissions – when victims sign up for paid offers, credit monitoring services, or loan applications
  • Lead generation – collecting personal data (name, email, phone, income level) to sell to marketers or other scammers
  • Credit card harvesting – if the final offers require payment details
  • Survey completion fees – each completed survey generates revenue for the scammer

Red flags to watch for:

  • Free gift card promise: Walmart does not give away gift cards through random online quizzes or “generators.”
  • Fake progress bars and verification codes: These are visual tricks to make the process seem technical and legitimate.
  • Endless loop of questions and offers: After completing one “verification,” victims are often asked to complete another, with no gift card ever received.
  • Requests for personal information (age, income, employment): These are not needed to claim a gift card.
  • Fake comments and timestamps: The “80 comments” section with generic usernames and “1 hour ago” timestamps is fabricated to create social proof.
  • Cookie notice: The presence of a cookie consent pop‑up is an attempt to look like a legitimate website.

What to do if you encounter this:

  • Do not click any buttons, answer any questions, or provide any personal information.
  • Do not enter any credit card details or sign up for any offers.
  • Close the page immediately. No legitimate gift card giveaway requires completing surveys or offers.
  • If you have already entered payment information, contact your bank immediately.

Protective measures:

  • Remember: if it seems too good to be true, it is a scam. Walmart does not give away free gift cards through random websites.
  • Never complete “human verification” offers – these are always scams designed to generate affiliate revenue or steal data.
  • Use an ad blocker to avoid such scam ads.
  • Do not trust fake comments – scammers can easily fabricate likes, replies, and timestamps.

Fake Steam digital gift card

A phishing campaign targeting Steam users with fake digital gift cards that steal credentials and 2FA codes for full account takeover. Scammers utilize realistic clones of the Steam login page and real-time Steam Guard code interception to hijack accounts and steal virtual items.

The “Steam Digital Gift Card” and “Walmart Gift Card” cases exemplify a “Reward Baiting” social engineering attack designed to steal user credentials through fake verification steps. By promising high-value rewards, scammers lure victims into entering login data on phishing sites to gain full account access.
Expert Security Tip: The “Free Reward” Verification Trap

  • The Trap: Attackers use convincing, high-quality landing pages to promise free $50-$100 gift cards, requiring users to complete “human verification” (surveys, app downloads) before stealing credentials via a fake login page.
  • Protection Method:
  • “No Free Lunch” Rule: Major brands do not offer high-value gift cards via third-party surveys; such offers are scams.
  • Verify Domain: Only trust official domains (e.g., steampowered.com); any variation is likely phishing.
  • Never Login via Reward Link: A requirement to log in to claim a gift is a direct credential theft attempt.
  • 2FA Red Flag: Never enter a 2FA code (Steam Guard/SMS) to claim a reward, as this authorizes a hacker’s login.

Fake Spotify digital gift card

The fake Spotify digital gift card scam targets users with fraudulent, high-value offers, utilizing social engineering and fake login pages to steal account credentials and payment information. This campaign employs a survey-based approach that mimics official Spotify branding, often tricking users into providing credit card details for a fictitious “verification fee.”

This case highlights a reward-based credential harvesting tactic, where scammers leverage fake Spotify gift card promotions to steal user credentials through phony “human verification” steps. The scam uses, high-quality phishing sites to capture email and password combinations, emphasizing the need to verify domains and avoid logging in through third-party reward links.

Fake gift digital paysafecard

The fake paysafecard gift campaign uses a “Reward Generator” scam, promising high-value codes in exchange for “human verification” tasks to steal credentials and drive ad fraud. This social engineering tactic relies on fake “live chat” feeds and a “no free lunch” illusion to lure users into submitting personal data or authorizing third-party logins.

These screenshots show a Paysafecard giveaway scam, using the exact same “generator” and “human verification” template as the Walmart gift card scam. The victim is lured with promises of free digital codes for Paysafecard (a popular prepaid payment method), then trapped in an endless loop of surveys and offers.

Threat Analysis: Paysafecard Gift Card Generator Scam – Survey / Lead Generation Fraud

How the scam works:

  1. The Lure – The victim sees an ad or link promising a free Paysafecard gift card (€25, €50, or €100). The page shows images of Paysafecard and “DIGITAL GIFTCARD” labels.
  2. Choosing the Value – The victim is asked to select a card value, creating a sense of choice and personalization.
  3. Fake “Connecting / Generating / Completed” Process – Animated progress bars simulate a code generator, showing messages like “Connected to safecard server…” to appear technical and legitimate.
  4. Anti‑Bot / Human Verification – A fake verification step appears (“Anti-Bot – Complete a Human Verification”). The victim is asked to click “Verify Now” and is then told to complete an offer or survey to unlock the code.
  5. “Take a FREE Survey to Become a Millionaire” – The victim is redirected to a page claiming they need to complete a survey or sign up for an offer. This is the actual money‑making step for the scammers (affiliate fraud).

The goal:
The attacker earns money through:

  • Affiliate commissions – each time a victim signs up for a paid offer, loan application, or subscription service
  • Lead generation – collecting personal data (name, email, phone, address) to sell to marketers
  • Credit card harvesting – if the final offers require payment details

No Paysafecard code is ever generated or delivered.

Red flags to watch for:

  • Free Paysafecard promise: Paysafecard does not give away codes through online generators. Any such offer is a scam.
  • Fake progress bars and verification steps: These are visual tricks to make the process seem real.
  • “Human Verification” redirecting to surveys: Legitimate verification does not require completing marketing offers.
  • No actual code displayed: After all steps, the victim never receives a valid Paysafecard code.
  • Poor design and generic “Connected to safecard server” messages: Official Paysafecard services use professional interfaces, not fake loading screens.

What to do if you encounter this:

  • Do not click any buttons, answer any questions, or provide any personal information.
  • Do not complete any surveys or offers.
  • Close the page immediately. No legitimate giveaway requires surveys or “human verification” offers.
  • If you have already entered payment information, contact your bank immediately.

Protective measures:

  • Remember: if it seems too good to be true, it is a scam. Paysafecard codes are bought, not given away through random generators.
  • Never complete “human verification” offers – these are always scams designed to generate affiliate revenue or steal data.
  • Only obtain Paysafecard codes from official retailers or the Paysafecard website.
  • Use an ad blocker to avoid such scam ads.