Fake Ceska Posta page in Czech detected

Posted byAnti-phishing Leave a comment on Fake Ceska Posta page in Czech detected

This screenshot shows a phishing page impersonating Česká pošta (Czech Post) , targeting Czech‑speaking users. The scam uses a small delivery fee (38 CZK) as a pretext to harvest personal information and full credit card details.

Threat Analysis: Česká Pošta Phishing – Personal Info & Card Harvesting

How it works:
The victim receives an SMS, email, or messaging app alert claiming a package requires a small delivery fee to be released. The link leads to this page, which mimics the official Česká pošta interface. The victim is asked to provide:

  • Personal details: first name, surname, street address, city, postal code, phone number
  • Payment details: cardholder name, full card number, expiration date (MM/YYYY), CVV

A fake tracking number and a total of 38 CZK are displayed to make the request appear legitimate.

The goal:
The attacker collects:

  • Personal identity information (name, address, phone) for identity theft or further scams
  • Full credit/debit card details (number, expiry, CVV) to make fraudulent purchases or sell the data

Red flags to watch for:

  • Suspicious URL: The page is hosted on a domain that is not ceskaposta.cz. Legitimate Czech Post services use only official domains.
  • Request for CVV for a small fee: A legitimate postal service never asks for your card security code to collect a delivery fee.
  • Small fee trick: 38 CZK is a trivial amount intended to lower suspicion.
  • Fake tracking number: The tracking code cannot be verified on the official Česká pošta website.
  • No personalization: The page does not reference a genuine package or address the victim by name.
  • Copied branding: The page uses the Česká pošta logo and layout, but these are copied from the real site.

What to do if you encounter this:

  • Do not enter any personal or card information.
  • If you are expecting a package, track it directly by typing ceskaposta.cz into your browser and using your real tracking number.
  • If you have already entered card details, contact your bank immediately to block the card and dispute any unauthorized charges.
  • Report the phishing page to Česká pošta and to the relevant authorities.

Protective measures:

  • Never click links in unsolicited delivery messages. Always go directly to the official courier website.
  • Never pay a “redelivery fee” via a link. Legitimate fees are handled in person, through the official app, or after logging into your account on the official site.
  • Check the URL carefully: Legitimate Česká pošta domains end with ceskaposta.cz. Look for misspellings, extra words, or unusual top‑level domains.
  • Enable transaction alerts on your bank account to catch unauthorized charges early.

Leave a comment

Your email address will not be published. Required fields are marked *