Phishing, the type of campaign in which a cybercriminal contacts the user while impersonating a third party, such as a company, to steal data and money, has for years been one of the tools cybercriminals use most to attack internet users. Recently, the Internet Security Office (OSI), which depends on the National Cybersecurity Institute (INCIBE), warned of a new campaign of this type in which criminals pose as the Post Office (Correos) to steal credit card details.
As in so many other cases of this type, the campaign begins with an email in the intended victim's mailbox. The message is sent from an address that bears no resemblance to any official Post Office account (firstname.lastname@example.org) and has the subject “Your package ES29 *** 56 is ready.” In the accompanying text, the cybercriminals explain that the user is going to receive a package, but that for it to arrive on the announced date, a prior payment of 2.99 euros must be made.
“The address from which the emails are sent does not belong to a domain of the Correos service, although it is identified as Correos and uses its logo. In general, the wording of the message is correct, although some words without accents are detected. It is common to find poor spelling and/or writing errors due, in large part, to the use of automatic translators,” they explain from the Internet User Security Office. Indeed, the fact that the message bears the Correos logo can confuse some users.
Be that as it may, the message includes a hyperlink that takes the user to a malicious page, designed by the attackers and again impersonating Correos, where the payment is to be made. “The objective is to lend credibility to the website and not raise suspicions in the victim user,” they point out from OSI. At first, the fraudulent website asks the user for information such as full name, ID, telephone number and address. With this information, criminals could carry out new scams directed against the victim. Also, once the phone number has been provided, they can carry these out through other channels, such as SMS, calls or WhatsApp messages.
Once these data are provided, the page asks the user to click on the “Confirm” button, located in the lower left corner of the message. Next, the user is redirected to another page which, this time, asks for all the credit card information needed to make payments on the internet: holder, card number, expiration date and security code.
“After clicking on the ‘Pay’ button, the user is redirected to a page with a form where a code is requested that is supposed to arrive by SMS. This strategy is used to give more credibility to the payment process and, although the SMS will never arrive, the cybercriminals have already fulfilled their objective, which is to get hold of your bank card details,” they point out from OSI.
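The indicators OSI describes (a message that presents itself as Correos but is sent from an unrelated domain, a link to a non-Correos site, and a request for a small payment) can be checked automatically by a mail filter. The following is an added example, not part of the original alert; the trusted-domain list, the sample message and the link host are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

BRAND = "correos"
# Assumption: domains the defender treats as legitimately Correos-owned.
TRUSTED_DOMAINS = {"correos.es", "correos.com"}

# Constructed sample modelled on the message described in the article.
SAMPLE = """\
From: Correos <firstname.lastname@example.org>
To: user@example.net
Subject: Your package ES29***56 is ready

Your package will arrive on the announced date after a payment of 2.99 euros.
Pay here: http://correos-entrega.example/pago
"""

def is_trusted(host):
    """True only for a trusted domain or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def phishing_indicators(raw):
    """Return the list of indicators found in a raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2]
    # Text of every leaf part; transfer-encoded parts are not decoded here.
    body = "".join(str(p.get_payload()) for p in msg.walk()
                   if not p.is_multipart())
    findings = []
    claims_brand = BRAND in display.lower() or BRAND in body.lower()
    # Display name or text says Correos, but the sender domain is unrelated.
    if claims_brand and not is_trusted(sender_domain):
        findings.append("brand_sender_mismatch")
    # Links in a Correos-branded message that lead somewhere else.
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = urlparse(url).hostname or ""
        if claims_brand and not is_trusted(host):
            findings.append("untrusted_link:" + host)
    # A small fee demanded before delivery, as in the 2.99 euro request.
    if re.search(r"\d+[.,]\d{2}\s*(?:euros?|EUR|€)", body, re.I):
        findings.append("small_payment_request")
    return findings

if __name__ == "__main__":
    print(phishing_indicators(SAMPLE))
```

The suffix match in `is_trusted` requires a leading dot, so a lookalike host that merely contains a trusted name as a prefix is still reported.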