Online shopping is the order of the day. Most people receive one, two, or even more packages a week. And, surely, more than once you have been looking forward to an order that, in the end, has been delayed. Hackers know this, and, unsurprisingly, they have taken advantage of it. Since it is very likely that, for one reason or another, you are waiting for a package, you should be very careful with a new Phishing campaign (or, rather, smishing) that is claiming dozens of victims.
Smishing is a relatively new term that identifies all those scams (phishing) that are carried out, instead of by mail or by links on the web, through text messages, SMS. This time, the hackers are carrying out a very complex and elaborate scam in which supplant the Post Officeby means of an SMS, in order to steal your personal and bank details.
This is the Post Office scam
In the message that arrives to your mobile, on behalf of Correos, they tell you that the delivery has been suspended due to a missing street number in the package. A completely understandable reason why you may not receive the package you are expecting. Along with this message we receive a URL, which will take you to a web page to try to correct the error.
The web page that is reached from that link almost perfectly imitates the web of the post office. In it you can see the tracking of the package, and the error that appears in the SMS. When you press, a new website appears in which you will have to enter your personal data, such as name, surname, address, postal code, country, town, province and telephone number.
Immediately afterwards, you will see a section from which the Post Office will ask you to pay a fee, of 0.80 euros, for returning the package to delivery. They will ask you for the card details to pay, but when you enter them, the page will be blocked. And that’s when you’ll have problems.
The data is already in the hands of hackers, who will quickly start charging the card and use your data to carry out phishing, and other more dangerous attacks.
What to do if you fall victim to this scam
If you have received the SMS, but have not opened the link, there is nothing to worry about, since nothing will happen. Even if you have opened it, but have not downloaded anything or entered personal data, there will be no problem. The problems begin when entering personal and banking information in the form.
In this case, the first thing to do is contact the bank to inform them of the problem and to block the card until they send a new one. It is also necessary to control bank movements, to detect any suspicious movement. And very important, make a complaint both in the National Police and in the Civil Guard, reporting what happened and providing all the evidence you can so that, if there are problems in the future, you can be guaranteed.
