INCIBE, the National Cybersecurity Institute, has detected a new phishing campaign that is, once again, impersonating the postal service Correos. The campaign uses as its pretext the delivery of a package, upon payment of an amount of money.
Furthermore, this public entity believes that there could be other similar campaigns through other channels, such as messaging applications and SMS, something that was common during the first months of this year and that managed to deceive, infect and steal money from many people in Spain with a similar hook.
This year FedEx, DHL, MRW and Correos itself were prominent lures in many cases of phishing. The targets that INCIBE has identified are mainly entrepreneurs, employees or freelancers.
What the message people receive looks like
The email that you may receive, as shown in the previous image, is headed with the Correos logo and states that there is a "Package pending delivery". It goes on to explain:
Information COVID-19 Correos is mobilized to guarantee the delivery of packages while protecting the health of its customers and its postal workers.
Your package is ready to be sent, the shipping cost is € 2.99, this payment must be made within 24 hours.
The message continues explaining this process and ends with a box that says "confirm here". If you click it, you are on your way into the prepared trap. You will be asked for your bank details to make that payment of less than 3 euros, and in this way the attackers get your financial information, which will allow them to steal money from you in the future.
The purpose of the detected campaign is to steal personal and financial data by impersonating Correos. The cybercriminals try to trick their victims into believing that a package is about to be delivered, and that they will receive it if they pay a certain amount of money.
If the requested data is entered and the "Pay and continue" option is clicked, a new page opens requesting a supposed password received by SMS on the victim's mobile phone, but by this point the cybercriminals will already have the card details in their possession. If any data is entered and accept is clicked, the user is redirected to a new page where a username and password are requested.
When the requested credentials are entered, the page always returns an error, even if they are correct. What's more, if you click on access with Digital Certificate or DNIe, it indicates that this functionality is disabled, and if a new user registration is attempted, it returns an error saying to try again later.
At this point the cybercriminals will have in their possession all the data that has been provided to them.
What to do if you have fallen into the trap
The Cybersecurity Institute warns that if you receive an email or any notification with these characteristics, you should ignore it or delete it. If you or someone in your company has received a message with these characteristics, followed the link and entered credit card details, you have to contact your bank as soon as possible to inform them of the situation and to block your card.
Also, if you have provided a username and/or password, you must change those credentials as soon as possible on all the sites where they are being used.