4-72 Servicios Postales Nacionales (Colombia) phishing page detected

Posted byAnti-phishing Leave a comment on 4-72 Servicios Postales Nacionales (Colombia) phishing page detected

4-72 Colombian Postal Service Phishing – Fake Shipping & Payment Scam

This phishing campaign impersonates 4-72 La Red Postal de Colombia (the official national postal service of Colombia) and likely references Gov.co (the Colombian government portal) to appear legitimate. The scam combines a fake shipping information form with a payment page designed to steal credit card details.

How it works:
The victim receives a phishing message—likely via SMS, email, or WhatsApp—claiming a package cannot be delivered due to missing information, customs fees, or a small payment required for release. The link leads to the first phishing page.

Step 1 – Fake Shipping Information Form
The first page (second screenshot) presents a form requesting:

  • Full name
  • Phone number
  • Email address
  • Shipping address (street and city)

This page uses official-looking Colombian postal branding and includes links to legitimate government sites (such as Gov.co and 4-72’s institutional page) to appear authentic. The purpose of this step is to collect personal information and convince the victim they are interacting with the official postal service.

Step 2 – Fake Payment Page
The second page (third screenshot) presents a payment interface that:

  • Asks the victim to select a bank or payment entity
  • Requests payment card details, including card number, expiration date, and CVV
  • Displays a “Pagar” (Pay) button

The amount to be paid is not shown prominently in these screenshots, but in similar scams it is typically a small fee (e.g., for redelivery or customs processing). The page references “Giros” (a Colombian money transfer service) to add familiarity.

The goal:
The attacker steals the victim’s credit card details along with their personal information (name, address, phone, email). This combination enables fraudulent transactions and can be used for identity theft. There is no actual package or delivery issue—the entire shipping notification is fabricated.

Red flags to watch for:

  • Unsolicited link: The victim receives an unexpected message claiming a package issue, with a link to enter personal and payment information. Legitimate postal services do not request payment or personal details via unsolicited links.
  • Request for full card details: Legitimate Colombian postal services (4-72) do not collect credit card information through such forms. Customs or redelivery fees are typically paid in person, at official offices, or through integrated payment gateways after logging into a verified account.
  • Mixed branding: The page includes links to 4-72 and Gov.co, but these are likely just copied text—the actual phishing page is hosted on a different domain.
  • No tracking number context: A legitimate delivery issue would reference a specific tracking number. These pages ask for personal information without linking to any verifiable shipment.
  • Suspicious URL: The pages are hosted on a domain that is not 4-72.gov.co or any official Colombian government domain. Always check the address bar.

What to do if you encounter this:

  • Do not enter any personal information (name, address, phone, email) on such pages.
  • Do not enter credit card details, expiration date, or CVV.
  • If you are expecting a package from 4-72, go directly to the official website (4-72.gov.co) and use your tracking number to check its status.
  • Report the phishing page to 4-72 and to the Colombian authorities (such as the national police’s cybercrime unit).

Why this scam is effective:
4-72 is the official postal service of Colombia, and many citizens use it to send and receive packages. The inclusion of links to legitimate government sites (Gov.co, 4-72’s institutional page) in the footer adds a false sense of authenticity. The two-step process (first collecting personal information, then payment details) mimics the flow of a legitimate shipping update, lowering the victim’s guard.

Protective measures:

  • Always verify package status by typing the official postal service URL directly into your browser—never click links in unsolicited messages.
  • Legitimate postal services will not ask for your credit card details via a form linked in an SMS or email.
  • Be suspicious of messages that create urgency (e.g., “your package cannot be delivered without payment”) and direct you to an external page.
  • If a message claims to be from 4-72, check for a valid tracking number and verify it on the official site.

Leave a comment

Your email address will not be published. Required fields are marked *