
Intro: "Cash-on-delivery," "price top-up," and "duty link" messages are being used to harvest device-order information and payment credentials. These SMS messages and DMs can cite delivery details accurately to boost their credibility. Below is a breakdown of the phishing scripts and risk signals involved. Handle fees and verification only on official channels.
Background
Attackers exploit information gaps around cross-border customs and last-mile delivery, sending SMS messages or DMs with short links that demand a "duty" or "top-up" payment before delivery. The pages impersonate logistics or customs portals but actually collect bank-card details and verification codes, or push app installs.
There are also fake "courier support" calls claiming that the "COD amount is wrong and needs adjustment," which steer the target to chat apps and finally ask for a payment or the recovery phrase.
Script breakdown
1) Short-link hops: SMS short link → high-fidelity logistics/customs page → payment form. The domain does not match the official one, and the certificate information is unclear.
2) Fee bait: a "duty / price top-up" paid by card or by QR code to a personal account, which does not match official payment channels.
3) Info harvesting: the page shows partially correct order information to build trust, then asks for more ID details or a verification code, to be used for further social engineering or misuse.
4) Download traps: a "payment helper" or APK/EXE that requires security software to be disabled. Such files may plant malware.
5) Countdown pressure: "return/destroy/fine within 2 hours," meant to force the reader to skip verification.
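The risk signals listed above can be checked mechanically when triaging a reported SMS or DM. The following is an added example, not part of the original page; the allow-listed hosts, the shortener list, the keyword patterns and the sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Assumed values, not from the page: swap in your courier's/customs' real hosts.
OFFICIAL_HOSTS = {"courier.example", "customs.example"}
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "short.example"}

PATTERNS = {
    "fee_bait": r"\b(duty|top[- ]?up|cod amount|customs fee)\b",
    "secret_request": r"\b(verification code|recovery phrase|private key|pin)\b",
    "download_trap": r"\.(apk|exe)\b|disable (your )?(security|antivirus)",
    "countdown": r"\bwithin \d+ ?(hours?|minutes?|mins?|h)\b",
}
CRITICAL = {"secret_request", "download_trap"}

def is_official(host: str) -> bool:
    """Exact host or a subdomain of an allow-listed host; lookalikes fail."""
    return any(host == h or host.endswith("." + h) for h in OFFICIAL_HOSTS)

def risk_signals(message: str) -> set[str]:
    """Return the names of the risk signals found in one SMS/DM."""
    text = message.lower()
    found = {name for name, rx in PATTERNS.items() if re.search(rx, text)}
    for url in re.findall(r"https?://\S+", text):
        host = urlparse(url.rstrip(".,)")).hostname or ""
        if host in SHORTENERS:
            found.add("short_link")
        elif not is_official(host):
            found.add("unofficial_domain")
    return found

def triage(message: str) -> str:
    # Any critical signal, or two or more signals together, is treated as high risk.
    signals = risk_signals(message)
    if signals & CRITICAL or len(signals) >= 2:
        return "high"
    return "review" if signals else "none"

# Constructed sample messages (not real traffic).
SAMPLES = [
    "Parcel #A1023 held: pay duty within 2 hours at https://short.example/x7Q",
    "Install https://courier.example.pay-fee.top/helper.apk to adjust COD amount",
    "Your parcel is out for delivery. Track: https://track.courier.example/A1023",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(triage(s), sorted(risk_signals(s)), "|", s)
```

The second sample shows why the host check compares the end of the hostname: a lookalike that merely begins with the official name is still flagged as an unofficial domain.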
Common Q&A
Q: The SMS has the right order number. Is it trustworthy?
A: Not necessarily. The information may have leaked. Verify the domain and the entity receiving the payment.
Q: Does paying duty require downloading an app?
A: No. Legitimate duty payment runs on official customs/courier pages; no executable is needed.
Q: The COD amount doesn't match. What should I do?
A: Contact the official courier or seller directly. Don't pay via an unknown chat or short link.
Q: QR-code payment is convenient. Can I use it?
A: Official channels don't collect duty or top-up fees via personal QR codes. Stop if anything looks suspicious.
Principles
1) Handle fees only on official courier, customs, or seller channels. Verify the payee by typing the official URL manually. Decline short links and personal-account payments.
2) Any request to download a "helper" or disable security software is high-risk. If you have already clicked, stop entering information, remove the download, and rotate credentials.
3) Save the SMS, phone number, link, and timestamps, and report them to official and platform channels to prevent further victims.
Safety reminder: We will never ask for your recovery phrase, PIN, verification codes, or private keys. Anyone requesting them is attempting fraud — do not share and do not proceed.