What is the “AliExpress Package” phishing email

“Shipment Pending – AliExpress Package” is classified as a phishing email because it tries to trick users into revealing their personal information. It’s a classic phishing scam that claims you have a package underway and need to schedule a delivery. The emails are disguised as AliExpress notifications but the online retail company has nothing to do with this phishing campaign.

 

 

The “AliExpress Package” phishing email first tries to catch the recipients’ attention with its subject line. “Shipment Pending – AliExpress Package” is bound to trick many users into opening the email, especially if they are frequent AliExpress customers. When users open the email, they are greeted with a well-done email that claims they have a package on the way. The email asks that users schedule their deliveries by clicking the “Schedule your delivery” button. The email also recommends subscribing to the push notifications to avoid delays in the future. These phishing emails are widespread around holidays like Christmas because many users order presents online and want them delivered in time for the holidays.

AliExpress

Get Your AliExpress Package

YOUR PACKAGE IS ON THE WAY

You have (1) package waiting for delivery. Use your code to track your package and get it delivered before Christmas. Schedule your delivery now and subscribe to our push notification to avoid this delay again.

SCHEDULE YOUR DELIVERY

AliExpress

Track all your shipments in one place and get automatic updates on all your deliveries.

SCHEDULE YOUR DELIVERY

If users click the “Schedule your delivery” button, they will be taken to a site that displays a similar message saying they have a package waiting to be delivered. The site also has a tracking code to be used when scheduling the supposed delivery. Suppose users continue to engage with the phishing campaign, they will be taken to a site that asks them to fill in personal information, including full name, email address, phone number, home address, and payment card information.

 

If users type in this information, it will immediately be transferred to the cybercriminals operating this phishing campaign. Personal and payment card information is valuable to cybercriminals. Even if they don’t use it themselves, they’ll sell it on hacker forums. Phished payment card information can be used to make unauthorized purchases. If users do not check their bank statements regularly, cybercriminals can cause significant financial damage. Stolen personal information can be used to perform even more sophisticated scams on users.

When making an online purchase and scheduling a delivery, it’s typical to provide this information so many may not even bat an eye. The whole phishing campaign is quite sophisticated and we can see it being successful in tricking many people. However, despite how sophisticated this attempt may be, it’s still possible to see certain signs that point to it being a phishing email.

How to identify phishing emails

If users learn how to recognize phishing emails, they should be able to notice the signs quite easily. One of the first things users should check when they receive an unexpected email that asks them to perform some action is the sender’s email address. Generic phishing emails are usually sent from random-looking email addresses so it’s immediately obvious. More sophisticated ones may use more legitimate-looking email addresses. It’s recommended to research unknown senders’ email addresses to check whether they belong to whomever the sender claims to be.

Grammar and spelling mistakes are another sign of a potentially malicious email. Low-effort phishing emails always have them so they’re quite obvious. This particular “AliExpress Package” phishing email does not have any mistakes and looks professional enough to be taken seriously, so it’s a more sophisticated phishing attempt.

But no matter how sophisticated a phishing email/attempt may be, there’s one thing that will always give it away – the site’s URL. If users engage with this “AliExpress Package” phishing email, they will be taken to several sites where they will be asked to type in their information. However, the URLs of those sites do not look trustworthy in any way. Logically, if the email was sent by AliExpress, the URL would also belong to AliExpress. However, the URL is webcaves.info. It’s recommended that users always check the URL before trying to log in anywhere. If the URL looks suspicious in any way, users should not type in their credentials or information.

Finally, if users receive an email that asks them to perform some action, users should not click on any links in emails and instead manually access accounts. For example, suppose users receive this “AliExpress Package” phishing email and they have an AliExpress account. In that case, they should manually access the account and check whether there are any deliveries on the way.