Fraudulent campaigns impersonate the Post Office with a false package

Fraudulent campaigns impersonate the Post Office with a false package

As in any other case of phishing, take extreme precautions and warn your employees to be alert to emails they receive from suspicious sources, especially if they contain attachments or, as in this case, external links to login pages. .

If an employee has received an email of these characteristics, has accessed the link and entered the access credentials and banking information, they must modify the access password as soon as possible, as well as contact the banking entity to inform them of the situation. In addition, it is recommended to modify the password of all those services in which it is used.

As general guidelines, to avoid being a victim of fraud of this type, it is recommended:

Do not open emails from unknown or unsolicited users: they must be deleted directly.
If the email comes from a legitimate banking entity, it will never contain links to your login page or attached documents.
Do not respond under any circumstances to these emails.
Be careful when following links or downloading attachments in emails, SMS, messages on WhatsApp or social networks, even if they are from known contacts.
Always have the operating system and antivirus updated. In the case of the antivirus, check that it is active.
Make sure your employees' user accounts use strong passwords and no administrator permissions.
Furthermore, to prevent and reinforce these tips, it is important to carry out cybersecurity awareness actions among employees.

Anti-phishing decalogue
Find someone else to fool, I'm not going to sting
Has your company been the victim of an incident? Report it
They supplanted my supplier and scammed my company
The cybercriminal "catched" him for his lack of training
Would you like to be up to date with the information in our notices? Go ahead and subscribe to our newsletters or the Twitter profile @ProtegeEmpresa and Facebook. You will be the first to know about the latest security advisories for companies. We also put at your disposal a free cybersecurity help line: 017.
Detail: 
The malicious campaigns detected impersonating the Post Office and Telegraph use a retained package as a hook. In the first fraudulent email identified, the subject is “Your package is awaiting delivery.”. In the communication, the user is informed that a package is being held, and in order for it to be delivered, they must pay 2.99 Euros within a period of less than 14 days.

001