The latest threat to consumers in cybersecurity is a sophisticated scam, related to customs payments via SMS, according to ESET.
The message that has begun to be sent to several Spanish users during the last hours passes through the Post Office and requests the payment of a small amount for customs. Despite the fact that this type of campaign has been produced almost constantly for some time, being immersed in full Christmas shopping campaign And having incorporated new measures related to the purchase of articles abroad since this summer, it can make not a few users give truth to this message.
In addition, the phone from which this message is sent belongs to a Spanish number, which helps some users lower their guard and really believe they are facing an official communication from the Post Office. As is usual in this type of message, at the end of it a shortened link is attached that does not let us see where we really want to redirect.
If you click on this shortened link, we are sent to a website that shows a very familiar template. This template shows the supposed amount to be paid, using the corporate colors and the logo of the supplanted company, with the option of making the payment or canceling the operation. This template has been around for a long time, and despite this, the criminals behind these campaigns do not seem to intend to update it.
This case of identity theft or phishing depends on the user being convinced to enter the data related to their credit card. To do this, a form is presented where you can enter data such as the name of the cardholder, the card number, its expiration date, the security code and, as a novelty, the pin code.
Once the criminals obtain this data, they can already try to carry out fraudulent operations with the stolen card, such as, for example, making purchases at the victim’s expense or withdrawing money from an ATM once the card is cloned. However, to authorize some of these operations, a verification code sent by the bank is required, a code that criminals have no problem requesting from the victim in the next step.
They don’t avoid leaving a trace
As a curious fact, criminals have not been too concerned to avoid leaving a trace and on the same website to which we are redirected after clicking on the link sent by SMS we can see a folder where the template used to impersonate the identity of emails is housed . The date of the last modification is remarkable, since it serves as an indication to know how long it could be being used in this type of cyberattack.
It is very likely that this web creation kit impersonating Correos is used by various criminal groups and that they have a structure in charge of emptying the available balance on stolen credit cards and sending it to accounts controlled by attackers, although the request The PIN code in this campaign also makes us think that they have opted for a more direct approach and that allows them to withdraw money directly from ATMs with cloned cards.
Despite being faced with a well-known phishing case that has been with us for a long time, criminals continue to trust that they will get new victims now that we are in the throes of pre christmas shopping and many people are waiting to receive packages. For this reason, it is important that we remain alert to these types of threats and inform our relatives and acquaintances so that they do not fall into this trap.