The Internet Security Office, dependent on the National Cybersecurity Institute, has warned about a new malicious SMS campaign in which cybercriminals pose as messaging firms, such as Correos or Correos Express, with the aim of stealing your bank details. As in the other two cases, criminals add their hyperlink messages that redirect users to a fraudulent page intended to steal information from them without their knowledge.
In the message, the criminals try to alert the victim by stating that he has an outstanding payment for the shipment of a package that he will deliver soon. “Dear customer: Your package is ready for delivery, confirm the customs payment of (€1,79) at the following link: [fraudulent link]”, reads one of the SMS alerts.
If the user 'clicks' on the link in the message, they will be redirected to a malicious page that tries to replicate the official Post Office, so the user does not suspect that they are browsing a fraudulent website. "The way to verify it is by reviewing the URL of the web, which is not the legitimate domain, but one that tries to simulate the real one using the name of the company in the URL", they remember from the Internet Security Office.
On the page, below the amount theoretically owed, the criminals pick up an option called 'Pay and continue'. If you click on it, the user is asked to provide their bank details (card number, expiration date, CCV and ATM PIN), in order to use them to commit financial fraud.
The Internet Security Office warned about the discovery of other variants of this scam in which different web designers are used, but which are always developed in order to make the victim believe that they are on an official Post Office page. The amounts to be paid can also change, examples of cases are shared in which they increase to 2,64 euros.
Another malicious web page in which Correos is supplanted within this campaign – OSI
“It is not ruled out that similar or even the same messages may be being used, but that they are using the number of other companies to execute the deception. , such as email or instant messaging”, note from the Internet Security Office.
All cybersecurity experts recommend acting with caution when we receive any communication supposedly made by a company with which we are alerted. The ideal in cases such as the one that affects Correos, is to contact the company by another means in order to clear up any doubts about the veracity of the message.
