The “phishing», Or attacks in which the cybercriminal impersonates a third party to deceive the victim and steal personal and banking data, is among the greatest threats faced by ordinary internet users. This is demonstrated by the fact that, according to Check Point data, this threat has grown more than 400% during the last month due to Black Friday. Now researchers at cybersecurity firm Kaspersky have spotted a new campaign in which criminals They pose as the Post Office with the aim of stealing the bank card details from the userario.
As explained from the firm, the scam begins, as in so many other cases, with an email that scares the phrase “Your shipment is on its way” and contains a link for the user to click and download a computer virus on their device . To do this, cybercriminals use the argument that the delivery of a package could not be made, leaving the shipping costs pending payment. “The sender’s address, although it indicates Customer Service, does not coincide at all with the official postal address, as has become common in scams of this type,” they point out from Kaspersky.
The email is also accompanied by other links that redirect the user to malicious pages that simulate the Post Office official to steal information. In this way, the victim will find that in one of them the payment of € 1.79 is requested and bank card details are requested for this. The following simulates the validation of the data provided with the Correos logo. With this method, cybercriminals can obtain all the victim’s card details and use them to make purchases on the internet. They can also put them up for sale, as has been customary for years.
“Cybercriminals are taking advantage of the growth of online purchases made during these days on the occasion of Black Friday and Cyber Monday to collect personal and banking information from the most naive shoppers. A situation that is being complicated also due to the extraordinary pandemic situation we are experiencing, ”explains Dani Creus, analyst with the Kaspersky research team.
To avoid cyber scams of this type, cybersecurity experts recommend system mistrust of all those emails in which we are asked to act quickly or make some type of payment. The best thing you can do if you come across a message like this in your inbox is to contact the company that supposedly sent it to clear up your doubts. This communication should not be done by responding directly to the message; the best thing is to send a separate email to the address that the company usually uses to answer questions or by calling.