Fake Correos Mail page detected

This screenshot shows a package delivery phishing page targeting Spanish‑speaking users. The scam claims a delivery attempt failed and asks the victim to pay a small fee (€1.99) to reschedule, capturing full credit card details in the process.


Threat Analysis: Package Delivery Phishing – Small Fee & Card Harvesting

How it works:
The victim receives an SMS or email claiming a package could not be delivered. A link leads to this page, which asks for:

  • Card number
  • Expiration date (MM/AA)
  • Security code (CVV)

The page shows a fake delivery code and a total of €1.99 – a tiny amount designed to lower suspicion. The “Pagar” button submits the stolen card data to the attacker.

The goal:
The attacker collects full credit/debit card details to make unauthorized purchases, clone the card, or sell the information.

Red flags to watch for:

  • Suspicious URL: The page is hosted on a domain that is not an official postal or courier service.
  • Small fee trick: Scammers use a negligible amount so victims pay without thinking.
  • Request for CVV for a simple redelivery fee: Legitimate delivery services do not ask for CVV codes to reschedule a delivery.
  • No tracking number that can be verified independently: The delivery code “E5/2938456” shown on the page is fake.
  • SSL badge: The “secure payment” badge is fake – phishing pages often add such graphics to appear trustworthy.

What to do if you encounter this:

  • Do not enter any card details.
  • If you are expecting a package, track it directly on the official courier website using your real tracking number.
  • If you have already entered your card details, contact your bank immediately to block the card and dispute any fraudulent charges.
  • Report the phishing page to the legitimate courier company being impersonated.

Protective measures:

  • Never click links in unsolicited delivery messages. Always go directly to the courier’s official website.
  • Never pay a “redelivery fee” via a link. Legitimate fees are handled in person or through the official site after logging in.
  • Check the URL carefully. Look for misspellings, unusual domains, or free hosting services.
  • Enable transaction alerts on your bank account to catch unauthorized charges early.
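
The URL checks listed above (non-official domain, misspellings, free hosting) can be automated for links pulled from reported delivery messages. The following is an added example, not part of the original analysis; the allowlist, the free-hosting suffixes, the flag names and the sample links are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Illustrative values (assumptions for this example, not an authoritative list).
OFFICIAL_DOMAINS = {"correos.es"}
BRANDS = ("correos",)
# "freehost.example" is a placeholder used by the constructed samples below.
FREE_HOSTING_SUFFIXES = ("github.io", "web.app", "freehost.example")


def edit_distance(a, b):
    """Levenshtein distance, used to catch one- or two-character misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def under(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def check_url(url):
    """Return a list of red flags for a link taken from a delivery message."""
    if "://" not in url:  # links in SMS often omit the scheme
        url = "http://" + url
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return ["no-hostname"]
    if any(under(host, d) for d in OFFICIAL_DOMAINS):
        return []
    flags = ["not-official-domain"]
    if any(under(host, s) for s in FREE_HOSTING_SUFFIXES):
        flags.append("free-hosting")
    if any(b in host for b in BRANDS):
        flags.append("brand-in-hostname")
    # Naive registrable label (second-to-last); use the Public Suffix List in practice.
    labels = host.split(".")
    label = labels[-2] if len(labels) > 1 else labels[0]
    flags += [f"lookalike:{b}" for b in BRANDS if 0 < edit_distance(label, b) <= 2]
    return flags


# Constructed sample links (not taken from the page).
SAMPLES = ["https://www.correos.es/", "corre0s.example/pago",
           "https://correos-entrega.freehost.example/pagar"]
```

An empty list means the host is on the allowlist; any other result lists the red flags that matched, so a message can be triaged by how many it carries.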
