With the rise of online commerce, it is increasingly common to find buyers waiting at any time for a package to be delivered to their home. And it is precisely this premise that scammers use to commit fraud.
On this occasion, the Internet Security Office, the scam supplants the identity of Correos, through a type of fraud known as smishing. Like others (such as phishing), this type of deception seeks to obtain sensitive data from its victims, taking advantage of the credibility that the victim places on the falsified entity (in this case, on Correos).
“If you receive an SMS on behalf of the Correos, Correos Express or any other similar service company, indicating that they have not been able to deliver a package to you because the customs fees have not been paid (or under any other excuse) and that you must access a link, do not do it, it is a fraud”, indicates the OSI.
Precisely, the objective of the scam is for the user to access a link that redirects them to a fraudulent page that looks similar to the legitimate one so that they pay the shipping costs of an alleged package and provide their bank details. For this reason, it is easier for the victim to fall for it if they happen to be waiting for a package to be delivered.
Example of web scam that is reached by following the link in the SMS. / OR IF
Contrary to what usually happens with similar scams, the websites used on this occasion stand out for their high level of detail and for the correct spelling and grammar used. “The way to verify it is by reviewing the URL of the web, which is not the legitimate domain, but one that tries to simulate the real one using the name of the company in the URL,” cybersecurity experts indicate.
What to do in case of scam
To avoid being deceived, OSI recommends not opening this type of message, of course not obeying it and deleting it. According to the example that the entity exposes, the content of the message reads as follows: “Dear customer: Your package is ready for delivery, confirm the customs payment of (1.79 euros) at the following link: (fraudulent link)”.
Example of the web scam in which they request bank details from the victim. / OR IF
However, if the user has taken the scammers’ bait, OSI recommends proceeding as follows:
1. Contact your bank as soon as possible to inform them of what happened and cancel possible transactions that may have been made.
2. If you have also provided your personal data, stay tuned and periodically check what information is published about you (egosurfing) on the Internet to check that it is not being misused.
3. You can report this situation to the State Security Forces and Corps (FCSE).