Delete the email from Correos asking for 2.99 € for the post


There are times when cybercriminals strive to create new scams and malware, but in other cases it is simply reusing those that are already known, sometimes without changing anything. In October 2019 we told you about a bank scam that used the image of Correos to try to get money from whoever bit, through an email in which Correos supposedly asked you to enter a small amount of money as “management expenses of customs ”, because you had a package pending to be delivered that had been left at customs.

That same scam returned in December 2019, in time for Christmas, and then in April of this year. Just when we passed the equator of November and we are one month and a bit closer to Christmas 2020, it comes back again:

The post scam for 2.99 euros

The OSI, Internet Security Office, has detected the return of the campaign of sending fraudulent emails that impersonate the identity of the Post Office service. The objective is to redirect the victim to a page that pretends to be the legitimate Correos website, but which in reality is not (phishing), which asks the user to make a payment of 2.99 euros for the costs of sending the package.

The email is sent from an email account that does not belong to the legitimate Correos service and under the subject “Your package ES29 *** 56 is ready.” The scam falsifies the domain of Correos to give the fraud greater credibility. This way, the user may think that it is really the legitimate entity that is sending them the email – a practice called Mail spoofing.

You have to look at the language used in the message, that although correct, words with accents are not detected and it adds strange symbols. It is common to find misspellings and / or careless wording, due in large part to the use of automatic translators.

A minimum payment

The scam works like this:

By clicking on the button “You will find data here”, the user is redirected to a page that tries to imitate the legitimate one, where they are instructed to enter their data and pay € 2.99 to receive the package. It should be noted that the form fields perform actions that attempt to validate the data entered by the user. The objective is to give truth to the web and not to raise suspicions in the victim user.

After pressing the “Confirm” button, the user is redirected to a page that contains a form where the bank card details are requested: holder, card number, expiration date and security code.

After clicking on the “Pay” button, the user is redirected to a page with a form where a code is requested that is supposed to arrive by SMS. This strategy is used to give the payment process more credibility and, although the SMS will never receive it, cybercriminals have already achieved their objective, which is to get hold of your bank card details.

And the payment requested, being thus a minimum of € 2.99, can cause “more victims to fall into deception by not involving a great economic cost for the user”, especially if you are really waiting for a package of an online purchase that I’ve done. What happens if the payment is made? Not only will you be giving cybercriminals your personal data, but even worse: banking ones too.

If you are pending the delivery of a package and it is also with the Post Office, never pay, because no company sends payment requests by email requesting personal data of its customers. If you are not sure, call the Post Office and ask them, and they will confirm the same as the OSI: that it is a scam.


Please enter your comment!
Please enter your name here