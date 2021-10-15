Hackers are re-attempting a massive phishing campaign through a fraudulent email telling us that our package has arrived and that we need to pay. That’s where it all begins.

Over the years, hackers have refined their strategies to do evil. But, as much as they advance and perfect themselves, the Correos scam is a classic that they do not abandon (like this other one from Amazon).

This last scam is uniting the transport company with a package that has not been possible to deliver, finally, offer us a smartphone for only 1.5 euros. If it weren’t for the scam, it would seem like it’s our lucky day.

With a first email where we are contacted for the first time, phishing tries to make us believe that there is a package under follow-up that is waiting at the distribution center but without an address. He urges us to open a chat to solve the incident.

Once we click on the Start Chat button, we are directed to a website where there is a supposed chatbot that asks us to confirm the order number (They try to mimic all normal security procedures).

And then we says that the label of our package is badly damaged and that they do not know where to deliver it (Funny that they do not have our home address but the email, that’s where we should start to be suspicious).

Once we accept the conditions set by the chatbot, which consists of paying € 3 for the manual treatment of the package, we are redirected to a website where there is a special offer that offers us an iPhone 12 Pro for only € 1.50.

This last step It is the dangerous one and where the pirates get the information they were looking for, since to get the mobile we must fill in all our personal data and, in addition, write the number of our credit card, with its CCV2 code and the expiration date.

Lucky for us there are ways to know if we are facing a case of phishing, although you have to be careful. We must first look at the email address that the email sent us, there is usually the first error since they are not official addresses.

Then we must make sure that the website to which we are redirected is the official one, so it is useful to see if it is HTTPS or only HTTP, in addition to that through Google we can search which is the official page and compare it with the link that they have given us of that supposed Post Office.

It is also useful take a good look at the logo (they usually use old logos) and in the footer of the messages, since there they do not carry all the warnings of the security treatment of the messages.

And, finally, the best thing is to resort to the number one rule of the internet: nobody gives anything away if in exchange you have to enter your personal data. Always be suspicious of these messages. Here is an explanation if you are not sure what phishing is.