Fake iPad - How Cute
I got this cute little scam on my work iPhone. It appears that I have a parcel that is being shipped to me and I can track it via the URL they sent.
I particularly like the domain name they have selected for this scam. So being the evern so cautious one, what do I do, delete it, right? Nope, I of course click on it, well I actually typed it in, on my sandboxed virtual setup and checked it out.
The URL (derivedscheme.com, which BTW has the privacy settings set and uses cloudflare to mask it’s location), redirects me to voluum.org (which BTW also has the privacy settings set and uses cloudflare to mask it’s location), which redirects me to itemtracking.net (which BTW also has the privacy settings set and uses cloudflare to mask it’s location). I’m taken to a realistic Verizon page, minus the logo isn’t the correct Verizon logo (their logo has a capital V and no red check mark), but close enough. None of the links or buttons on the page work, so it is simply a giant image and nothing more.
There I see I have to click to see what I won, of course I play along and my customer number is 888097778 and wouldn’t you know it, I’m getting a iPad Pro (2021 edition) from Verizon. How nice of Verizon to send this to me. All I have to do is accept the prize. I find it funny that they offer me the option to pick it up, but it takes me to the same link as the delivery option.
I of course fill out all the pertainant information so I can claim my prize, interesting enough they have the error checking enabled on the form so it wants a valid email address (valid format only) and phone number
The final screen is a credit card number, which I of course, bailed on this screen, but not before checking to see where the submit button takes me (itemtracking.net)