FedEx themed credit card phish

MylesPerour · 26 April 2023 11:06

When you click the link, it takes you to

DANGEROUS LINK -- DO NOT CLICK
https://storage.googleapis. com/bjhgy/thefileservers.html#qErNp.FRvLutnulOWxJClRhMLEJWmw?fjMgbPcc27dKcyswNcdcLzcScxSmTd98hcbbb2D

That page has a javascript that checks the url to see if a hash is included and determines whether the hash is >5. If it isn’t, it redirects you to a 404 page. If it’s greater than 5, it is supposed to send you to the start of the phishing page but it doesn’t seem to forward for some reason. The phishing page is at:

DANGEROUS  LINK -- DO NOT CLICK
http://thefileservers. com/fjMgbPcc27dKcyswNcdcLzcScxSmTd98hcbbb2D

which claims you owe $1.95 in shipping charges for the packages they are holding. Clicking through that series of forms, it eventually asks for name, address and credit card info.
This page
fedex

MylesPerour · 26 April 2023 11:23

When I went back through it this time, it changed the eventual them of the phish to a different scam saying I won something or other.