Correos Express fake page detected

Posted byAnti-phishing Leave a comment on Correos Express fake page detected

Incident Report: This scam layout was logged, cross-checked, and neutralized firsthand by the Antiphishing.biz security team during our daily link moderation procedures. To protect the public, the hostile origin link has been safely deactivated within our infrastructure. We document and analyze these live visual patterns to help security researchers and users detect replica fraud techniques before financial damage occurs.

Actual screenshot of "Correos Express fake page detected" phishing interface captured during link moderation on our platform.
Figure 1: Visual proof of the active phishing operation captured during routine moderation.

This screenshot shows a Spanish‑language phishing page impersonating a delivery service (such as Correos or another courier). The scam asks the victim to pay a small fee (€1.98) for a “new delivery attempt” and in the process harvests full credit card details.

Threat Analysis: Delivery Phishing – Small Fee & Card Harvesting

How it works:
The victim receives an SMS, email, or messaging app alert claiming a package could not be delivered and that a small fee is required to schedule a new delivery attempt. The link leads to this page, which mimics a courier’s payment interface. The victim is asked to provide:

  • Cardholder name
  • Full card number
  • Expiration date (MM/AA)
  • CVV security code

A total of €1.98 is displayed, with a fake breakdown (VAT, partial total) to appear legitimate. A “secure payment” badge and SSL claim are added to create a false sense of security.

The goal:
The attacker captures complete credit/debit card information to make fraudulent purchases, clone the card, or sell the data.

Red flags to watch for:

  • Suspicious URL: The page is hosted on a domain that is not the official courier’s website.
  • Request for CVV: A legitimate delivery service never asks for your card security code to collect a redelivery fee.
  • Small fee trick: €1.98 is a trivial amount intended to lower suspicion.
  • No tracking or package reference: The page lacks a verifiable tracking number or any personalization linking it to an actual shipment.
  • Fake security badges: The “SSL protegido” and padlock icons are copied from legitimate sites but do not guarantee authenticity.

What to do if you encounter this:

  • Do not enter any card or personal information.
  • If you are expecting a delivery, track it directly by typing the official courier’s URL into your browser.
  • If you have already entered card details, contact your bank immediately to block the card and dispute any unauthorized charges.
  • Report the phishing page to the legitimate courier service and to the relevant authorities.

Protective measures:

  • Never click links in unsolicited delivery messages. Always go directly to the official courier website.
  • Never pay a “redelivery fee” via a link. Legitimate fees are handled in person, through the official app, or after logging into your account on the official site.
  • Check the URL carefully: Look for misspellings, extra words, or unusual top‑level domains.
  • Enable transaction alerts on your bank account to catch unauthorized charges early.

Leave a comment

Your email address will not be published. Required fields are marked *