Scammers are exploiting the holiday season by creating fake delivery sites that imitate legitimate postal and delivery services. This has led to a significant increase in fraudulent sites in the weeks leading up to Christmas.


According to a recent report from cybersecurity company Group-IB [1] [2], there has been a 34% increase in the number of these fraudulent sites in the first 10 days of December. Group-IB’s Computer Emergency Response Team identified 587 of these sites during this period. These sites are part of a global scam campaign that targets last-minute shoppers with SMS messages disguised as urgent delivery notifications [2]. The scammers continuously create new websites that mimic legitimate ones and employ evasion techniques to avoid detection. They specifically target postal and delivery services in 53 countries [1] [2], with Germany [2], Poland [1] [2], Spain [1] [2], the UK [1], Turkey [1], and Singapore being the most popular targets [2]. To appear authentic, the scammers display official names and logos of the impersonated postal service providers on their phishing pages [1] [2], and they even use typosquatted URLs. These fake sites are active for only a few days [2], making it challenging for security experts to investigate and detect the scheme [1].

To protect themselves from falling victim to these scams, users are advised to verify sender details [1] [2], search through official channels [1] [2] [3], treat messages as alerts [1], independently access official websites [1] [3] [4], and stay informed about ongoing scams [1]. Additionally, brand owners are encouraged to utilize threat intelligence services to monitor and block such fraudulent campaigns [3] [4].


The rise in fake delivery sites during the holiday season poses a significant threat to consumers. It is crucial for individuals to remain vigilant and follow the recommended precautions to avoid falling victim to these scams. Furthermore, brand owners must take proactive measures to monitor and block fraudulent campaigns. As scammers continue to evolve their tactics, it is essential for both users and businesses to stay informed and adapt their security measures accordingly.