New customs charges for online orders outside the EU
With the introduction of charges/taxes on certain items posted from outside the EU, threat actors appear to be leveraging the situation to send fraudulent SMS and email messages impersonating postal services in an attempt to harvest payment details and personal information. The campaign is already being observed targeting Irish users, and I'd like to highlight this activity publicly as part of a LinkedIn post around our Brand Protection, Threat Intelligence, and Domain Takedown capabilities.
AI Analysis
Technical Summary
This campaign involves threat actors sending phishing and smishing messages that impersonate postal services to exploit recent customs charges on items posted from outside the EU. The attackers use fraudulent domains and IP addresses to deceive recipients into providing sensitive payment and personal information. The campaign is currently observed targeting Irish users and is linked to the introduction of new customs taxes, which provides a plausible pretext for the scam messages. No direct software vulnerability or exploit is involved; rather, this is a social engineering campaign leveraging current events.
Potential Impact
The impact involves potential financial fraud and identity theft resulting from victims disclosing payment card details and personal information to the attackers. This can lead to unauthorized transactions, financial loss, and privacy breaches for affected individuals. There is no indication of exploitation of software vulnerabilities or system compromise beyond the phishing and smishing attempts.
Mitigation Recommendations
There is no software patch or fix applicable as this is a social engineering campaign. Users should be advised to verify the authenticity of any customs or postal service communications independently, avoid clicking on links or providing payment details in unsolicited messages, and report suspicious communications to relevant authorities. Organizations can consider awareness campaigns to educate users about this specific phishing theme. Blocking the identified malicious domains and IP addresses at network boundaries may also reduce exposure.
Affected Countries
Ireland
Indicators of Compromise
- domain: anpost.ie-sci.help
- domain: service-charge.help
- ip: 34.244.249.157
Technical Details
- Author: AlienVault
- TLP: white
- References: https://www.ccpc.ie/consumer-advice/consumer-rights/buying-goods/buying-outside-the-eu/new-customs-charges-for-online-orders
- Adversary: null
- Pulse Id: 6a4292045a662553c3583b0a
- Threat Score: null
Threat ID: 6a42948227e9c797191898c4
Added to database: 06/29/2026, 15:51:30 UTC
Last enriched: 06/29/2026, 16:06:17 UTC
Last updated: 06/29/2026, 23:44:46 UTC