Thursday, February 07, 2019

Historical OSINT - Global Postal Express Re-Shipping Mule Recruitment Scam Spotted in the Wild

Continuing the series of post detailing the activities of currently circulating malicious and fraudulent spam campaigns successfully targeting potential money mule recruiters I've recently came across to Global Postal Express which basically:

"We Provide best in service global logistics through our people by building lasting relationships with the commitment to prioritize our customer needs to generate financial results. Be the leader in the development of integrated logistics strategies by offering the highest levels of quality, reliability and exceptional customer service while strategically growing nationally and internationally."

Sample malicious URL known to have participated in the campaign:
hxxp://globalpostalexpress.net - Email: globalpostalexpressinc@gmail.com

Sample Mailing Address:
2549 Harris Ave, Sacramento,CA 95838, U.S.A
+1 (719) 838 2416

Sample Screenshots of the Service in Action:





Sample Screenshots of the Related Malicious Domains Known to Have Participated in the Campaign:




Related malicious URLs known to have to participated in the campaign:
hxxp://www.marannata.com
hxxp://wellburton.com
hxxp://stecoexpress.com
hxxp://mag-trading.com

Stay tuned for an additional set of details regarding re-shipping money mule recruitment domain portfolios anytime soon.