From blog.malwarebytes.com
Royal Mail phish scams are still in circulation, slowly upgrading their capabilities with evasion tools deployed in far more sophisticated malware attacks.
Often, the quality of sites we see varies greatly. Many fake Royal Mail pages are cookie-cutter efforts existing on borrowed time. The operators know their scam is a case of here today, gone tomorrow. These bogus pages are often taken down quickly by hosts. As a result, many exist in an effort-free zone of “graphic design is my passion”.
Sometimes these sites will lift bits and pieces from the official pages they happen to be imitating. This can take the form of stolen image files, and in other cases they’ll simply hotlink the live images or design instead.
But what we haven’t seen while digging into these fake portals is a smattering of what looks to be researcher deterrents. That is until now.