2023-06-15 15:59:02
The Civil Guard has alerted through its official Twitter account about the discovery of a dangerous campaign of malicious emails in which cybercriminals pose as post office. The objective, as in many other similar cases, is to deceive the user in order to steal their personal data.
Specifically, the Civil Guard echoes a recent publication of the National Institute of Cybersecurity (Incibe) in which it is explained that, as usual, criminals start the scam by stating in the mail that the user has a package pending collection. Next, you are invited to ‘click’ on a link that accompanies the message with the supposed purpose of schedule delivery to your home. The subjects of the detected emails are ‘Track your package’ and ‘Rescheduled delivery. XX-XXXXX’.
In the event that the Internet user clicks on the link, as the cybercriminals request in the email, they will be redirected to a malicious web page, which is impersonating the Post Office. This will display a popup window with the message: ‘You have (1) message from us. Click below to open it’. Upon confirmation, the user goes to the next page, which shows a button, ‘repair my address’, in order to be able to reschedule the shipment of the supposed package.
In the event that the user shares the data requested, the criminals can use it for some other more personalized scam campaign, where the criminals could use this information to make the scam more credible. They can also bet on doing business with address data and selling it on the Dark Web. Likewise, Incibe points out that “it is not ruled out that confirmation of other personal data is requested and even make an additional payment for the request for the new delivery of the package.”
As Correos points out through its websitelas scams in which criminals claim that there has been a problem with the delivery of a package is among the most common scams when impersonating you on the internet. As he points out, it is necessary to be wary of the system whenever there is a request for personal data such as the one made in the previous email: «If what they ask us for is personal information, emails, passwords, bank details, etc., we have to start suspect since it will not be something that a serious company does.
If you receive a message of this type, it is best to ignore it and delete it directly. The same goes for any other email or SMS in which a well-known company or institution apparently invites you to act quickly and requests sensitive information. In most cases it will be a scam.
#beware #dangerous #message #pretend #Correos