King Salman appoints Dr. Majid Al-Fayyad as Royal Court advisor    Alkhorayef emphasizes Saudi Arabia's growing role as global industrial investment hub    SASO urges vehicle importers to verify compliance before shipping to Saudi Arabia    Saudi Arabia adopts World Drowning Prevention Day as national health priority    Saudi defense minister and Iranian FM discuss regional developments    GACA imposes SR2.8 million in fines for 87 civil aviation violations in Q2 2025    Desperate Gaza doctors cram several babies into one incubator as fuel crisis reaches critical point    ICC issues arrest warrants for Taliban leaders over women's rights violations    Syria issues appeal to EU for help battling massive wildfires along northwestern coast    Total e-messages sent to parties in lawsuits reach over 11.8 million during first half of 2025    3 arrested in assault case in Riyadh    New Property Ownership Law will take into effect in January 2026 Al-Hogail thanks King and Crown Prince for the updated law    HONOR returns to Esports World Cup as Official Smartphone Partner for 2025 The renewed commitment will see HONOR elevate mobile esports competition with cutting-edge AI technologies and industry-leading hardware    Riot Games responds to match-fixing allegations in VALORANT    BLAST responds to BESTIA Visa controversy ahead of CS2 Austin major    Christophe Galtier named NEOM SC head coach ahead of historic Saudi Pro League debut    Michael Madsen, actor of 'Kill Bill' and 'Reservoir Dogs' fame, dead at 67    BTS are back: K-pop band confirm new album and tour    Michelin Guide launches in Saudi Arabia with phased rollout in 2025    'How fragile we are': Roskilde Festival tragedy remembered 25 years on    Sholay: Bollywood epic roars back to big screen after 50 years with new ending    Ministry launches online booking for slaughterhouses on eve of Eid Al-Adha    Shah Rukh Khan makes Met Gala debut in Sabyasachi    Pakistani star's Bollywood return excites fans and riles far right    Exotic Taif Roses Simulation Performed at Taif Rose Festival    Asian shares mixed Tuesday    Weather Forecast for Tuesday    Saudi Tourism Authority Participates in Arabian Travel Market Exhibition in Dubai    Minister of Industry Announces 50 Investment Opportunities Worth over SAR 96 Billion in Machinery, Equipment Sector    HRH Crown Prince Offers Condolences to Crown Prince of Kuwait on Death of Sheikh Fawaz Salman Abdullah Al-Ali Al-Malek Al-Sabah    HRH Crown Prince Congratulates Santiago Peña on Winning Presidential Election in Paraguay    SDAIA Launches 1st Phase of 'Elevate Program' to Train 1,000 Women on Data, AI    41 Saudi Citizens and 171 Others from Brotherly and Friendly Countries Arrive in Saudi Arabia from Sudan    Saudi Arabia Hosts 1st Meeting of Arab Authorities Controlling Medicines    General Directorate of Narcotics Control Foils Attempt to Smuggle over 5 Million Amphetamine Pills    NAVI Javelins Crowned as Champions of Women's Counter-Strike: Global Offensive (CS:GO) Competitions    Saudi Karate Team Wins Four Medals in World Youth League Championship    Third Edition of FIFA Forward Program Kicks off in Riyadh    Evacuated from Sudan, 187 Nationals from Several Countries Arrive in Jeddah    SPA Documents Thajjud Prayer at Prophet's Mosque in Madinah    SFDA Recommends to Test Blood Sugar at Home Two or Three Hours after Meals    SFDA Offers Various Recommendations for Safe Food Frying    SFDA Provides Five Tips for Using Home Blood Pressure Monitor    SFDA: Instant Soup Contains Large Amounts of Salt    Mawani: New shipping service to connect Jubail Commercial Port to 11 global ports    Custodian of the Two Holy Mosques Delivers Speech to Pilgrims, Citizens, Residents and Muslims around the World    Sheikh Al-Issa in Arafah's Sermon: Allaah Blessed You by Making It Easy for You to Carry out This Obligation. Thus, Ensure Following the Guidance of Your Prophet    Custodian of the Two Holy Mosques addresses citizens and all Muslims on the occasion of the Holy month of Ramadan    







Thank you for reporting!
This image will be automatically disabled when it gets reported by several people.



Watch out! Scummy scammers target home deliveries
Published in The Saudi Gazette on 08 - 04 - 2020

If you're sitting at home right now, sheltering from the coronavirus pandemic — and there's a good chance you are — then you are probably either thinking about a home delivery, or waiting for one. Paul Ducklin, principal research scientist, Sophos warns us on how scammers are targeting home deliveries.
Even people who have no symptoms of the virus, and who haven't been in contact with anyone who's infected, have been instructed to make their shopping outings "as infrequent as possible".
Indeed, many stores considered non-essential have been forced to shut, including electronics shops, so the new HDMI cable or the replacement mouse you need for working from home may only be available online.
So, with home delivery companies seriously stretched and long shipment times, we suspect that lots of people will be anxiously watching their phones for text messages like this one:
The URL in this case was a short domain name with a brief coded sequence of letters and numbers at the end — pretty usual for links in text messages, which are typically shortened to fit in the limited length of an SMS.
And given that no one wants to see their lovingly awaited shipment of toilet rolls go astray at the very last step of the way for something as minor as an address glitch, it's tempting to click through to check what's going on.
As you can see, the site has a reassuring HTTPS padlock, meaning that transmission to and from the site is secure, but the site itself is just a visual ripoff of the Canada Post/Postes Canada brand (this SMS was received by SophosLabs in Vancouver, BC):
In case you are wondering about that HTTPS certificate, here's what it looks like – we used Firefox on our laptop, where clicking on the padlock in the address bar makes it easy to inspect the details:
The server is running on the popular cPanel web hosting service, which provides a web certificate automatically (that's a good thing, because unencrypted web traffic can be snooped on and tampered with far too easily).
Highlighted above is the fact that the certificate was created on 2020-03-24, the very same day that this scam campaign went out.
Anyway, your delivery is held up by a mere $3 shortfall, which is the sort of amount you'd probably consider paying anyway and arguing about later, if the alternative is to lose your delivery slot.
If you do proceed, then the crooks first want you to confirm your address, as stated in the original SMS message...
...and then they want to "process" your $3 payment by capturing your credit card details to complete the transaction:
What to do?
• Don't be fooled just because you're expecting a delivery. The crooks don't have to know you are waiting for a delivery to get the timing right. Especially during the coronavirus pandemic, they can simply assume you are and they'll be right for a lot of people a lot of the time.
• Treat delivery SMSes as notifications instead of links. It's a bit more hassle, but avoid clicking on links at all in messages like these. When you order items online, make a note of the right website to use for tracking the item, and go there yourself if there is any problem reported with delivery.
• Check the URL in the address bar. These days, most cybercriminals are using HTTPS websites, because everyone expects a padlock in the address bar. But the padlock doesn't say you are on the correct site, merely that you are on a site with an HTTPS certificate. Consider going to your laptop if you can, and checking out the link from there. It's worth the extra trouble because the address bar is bigger and tells you more.
• Use a third-party security product on your phone. Sophos Intercept X for Mobile adds to the built-in protection in your phone because it helps to keep you away from risky websites to start with.
• Report compromised cards immediately. If you get as far entering any banking data into a "pay page" and then realize it's a scam, call your bank's fraud reporting number at once. (Look on the back of your actual card so you get the right phone number.)
P.S. Don't forget that just typing data into a web form exposes it to crooks because they can "keylog" what you type into a webpage even if you never press the [Finish] button.


Clic here to read the story from its source.