Weird SMS Parcel phishing scam

Phishing
1

Hi folks, I posted this already in the Discord and the person I talked to asked me to also post it here.

This morning I received a text claiming I had a parcel en route to my house with DHL shipping. The message has claimed that I can track a parcel by following the hyperlink in the message. So far pretty dull, it's annoying but I get this kind of scam text message at least once a week, if not more.

What is pretty weird is that the hyperlink in the text seems to belong to a website for a driving school in the Sydney area of Australia. I am in Scotland, but I guess being on the other side of the world doesn't stop these guys from having a go. With the help of a friend of mine who is fairly tech savvy I investigated a bit, and the website for the driving school is, well, odd.

The blog section seems to contain a lot of articles that are completely irrelevant to driving like ads for horoscopes and other weird and wonderful content. While it does seem like there is a driving school run from the website, this intrigued me enough that I wanted to know more. With the help of my friend I was able to look up who owns the domain, and get some more information.

The domain in question is: deezdrivingschool.com.au

the message in question: DHL: your parcel is arriving, track here: (fake url that leads to above domain)

the company that hosts the domain: afilias.com.au

Name of person domain is registered to: Mangaldas Nai Dipak Kumar

Apologies, I am not sure how to add the screenshots I took to this post. If you need them then I am happy to find a way to get them to you.

Would love it if you could find a way to mess up the day of the person who has tried to scam me.

2

For next time, can link images with a service like imgur, then embed them with:


</s><i> </i>[IMG]https://example.com/image.png[/IMG]<i> </i><e>

I'll post the image you posted in discord:
![image image0png.jpeg](https://tlscommunity.com/assets/2021-04-26/21:45:050-image0png.jpeg)
URL: http://deezdrivingschool.com.au/dhl/?y1021kbmqgtg8 (Redirects to google now)

3

Would also be handy if you could share the number the sms came from

4

[[3,9],[3,72]]

5

@Cyberlytical#190065 cheers pal :slight_smile:

for extra if you need it, here is the rest of what my friend helped me to find

[IMG]https://imgur.com/a/L1h6WOl[/IMG]

6

@Cyberlytical#190067 UK mobile number (or number making itself look like a UK mobile number) 07952 948687

7

@Cyberlytical#190065 It now redirects you to a fake DHL webpage in Spanish. To make things clear, it prompts you to install an apk (Android app installer package). After you install that android app, it’s on your device. That app is not the real DHL app. It’s ransom malware meant for Android.

8

Current details for ABN 35 015 499 828 | ABN Lookup

Entity name: MANGALDAS NAI, DIPAK KUMAR

DEEZ DRIVING SCHOOL


9

Morning folks.

Some more info- I tried reporting this to afilias.com.au and got the below response:

Hello (SST),

The Afilais registry operator for .au passed on your report of a phishing scam.

Information about deezdrivingschool.com.au is available via our WHOIS service at:

https://whois.auda.org.au/

It looks like the operator of http://deezdrivingschool.com.au/ is a legitimate Australian small business, but their website service may have been hacked.

You can contact the operator of the website using the email address displayed in the WHOIS results: [email protected]

They also have contact details on their website: http://deezdrivingschool.com.au/contact-us/

You may also wish to contact their service provider which is the Public Domain Registry (https://publicdomainregistry.com/). Their abuse contact information is available here:
https://publicdomainregistry.com/report-abuse-2/