Phishing has become the routine of the internet, receiving fake emails that try to scam us is a reality that many of the owners of an email account have already faced more than once. The positive part of this persecution is that Internet users are increasingly aware and trained against these attacks. 

Cybercriminals must try harder and find new techniques to deceive their victims, they turn to well-known companies or special institutions to reinforce the feeling of trust and security and let us lower our guard. Correos, for example, is one of the most used, along with Google or Amazon.

An example of this is this new email that the National Cybersecurity Institute has detected . This is a standard phishing scam, but pretty slick in detail and design. This makes deception more difficult to detect. 

Email phishing scam


In the images provided by INCIBE, no errors are seen either in the subject of the email or in the body. The subject requests that we confirm payment of the shipping costs in order to send a package . For those who are not expecting anything, alerts will jump more easily. We should also suspect that couriers request to pay the costs of a shipment by email, when the usual thing is to take the package to the nearest offices and pay for the shipment there.

How often do you have to clean the fridge? This is how often you should do it

As is usual in this type of business, when you click on the button to confirm this supposed payment, a window opens in the browser where the bank details are requested. The web looks real , its design is quite similar to that of the post office, but it is not authentic.

Fake website phishing scam


INCIBE has hidden in the captures the address from which the email is sent and the url to which the button directs us, but these are usually very good clues to detect deception if they do not integrate real domains or are not secure websites that start with “https”. 

The next step, after entering the bank details, is to include a code that should be sent to us by SMS to verify our identity. Of course, the victims do not receive any SMS and the cybercriminals already have the bank details and passwords of that person in their possession.

Phishing with homoglyphs
These are the signs that you are being scammed by email

Can you tell a fake email from a real one? We explain the main signs to avoid being scammed online through an email.

” When the requested credentials are entered, it always returns an error, even if they are correct. Furthermore, clicking on access with Digital Certificate or DNIe indicates that this functionality is disabled, and if an attempt is made to register a new user, it returns an error in which it is indicated to try later “, they explain in INCIBE.

Fake website phishing scam


Whether or not an email or SMS is suspected, it is important to verify the information before using any link or attachment in the message . You can enter the web browser of Correos or the company that is and look for the information on our own, before following the instructions in the mail. 

If with all these precautions we believe we are victims of some deception, it is important to notify our bank as soon as possible so that they help us avoid any movement of the account and change all the passwords and user names that we have similar in emails, profiles of social networks, other banks and other online subscriptions. Correos is once again the bait of a very realistic phishing campaign: beware of these emails