Despite the fact that cybercriminals have a whole world of possibilities to carry out their scams, on many occasions they decide to repeat the plot, due to how effective it is. In the case of which we are alerting today, a new campaign of fraudulent emails that impersonate Correos has recently been detected, saying that they have tried to deliver your package without success to get hold of your personal and bank details.
Phishing is a type of cyberattack that consists of the use of emails to deceive a user, in which cybercriminals impersonate a known entity, company, or person to gain the trust of the victim.
Cybercriminals are not stupid, and despite the fact that post office impersonations are a more than common technique, If they keep doing it, it’s because it works. This is because the hook they use is almost foolproof: “We have a package from you, please reschedule the delivery.”
And it is that today, the vast majority of users make purchases online without stopping, and as a consequence every two by three are waiting for an orderwhich means that the arrival of one of these malicious emails often matches the wait for a package.
Apparently in the mail it indicates that a delivery man has tried to deliver your package, but there was nobody at home, and then to receive it you will have to request and schedule a new delivery. For this, in the email itself it is given access a link to do it and when you click on it, a new window opens that looks like the official Post Office website, but it really isn’t.
The truth is the page is very realistic and has sections identical to the Post Office, so it is easy to be deceived. To schedule a new delivery, the user will have to fill out a form with your personal informationtype name, address, telephone number…
When you have completed this, another window will open in which you will now they ask you for a payment claiming a fee for forwarding services (something that Correos does not do), but if this does not trigger alarm bells and you continue, you will have given cybercriminals both your personal and bank details.
Details that give away the scam
Fortunately, this campaign is not perfect, and there are some details that give away the plot. For example, in the mail that arrives the sender name is confusing and does not conform to the Post Office format.
Another example is in the subject that you can read a message that says “A Surprise Awaits”, something very informal and likely to have been sent by an institution like this. Lastly, the wording of the message is confusing, mixes English and Spanish and there is a lack of coherence in the text that should not be in an official communication.
