Scammers are at work again to steal our credit card information: this time they’re using the name of a well-known national express courier.
After the Postal Police’s warning about a new wave of scam emails and SMS sent to try and steal our bank account or credit card number, now comes some concrete examples from security researchers. The latest is from the now well-known (and very active) JamesWT of the Malware Hunter Team: there is an ongoing email phishing campaign with an express courier theme.
The scammers pretend to be the shipping company and claim that there is a package blocked for us, due to unpaid shipping costs of 4.36 euros. A very low figure, but it is only the bait to induce us to click on the next link: clicking on the link, in fact, we end up on the web page of the real scam, where we are asked to enter our personal data and those of the credit card to pay the shipping costs and unlock the package. If we do that, then we give away our card (with all the money in it) to the scammers who will soon start making online purchases in our name.
How to Recognize the Courier Scam Email
In the latest case documented by JamesWT the courier imitated by the scammers is BRT-dpdGroup, but the names and graphics of other shipping companies have been used in the past.
The email says: “Dear customer, your package has been held up at Terminal 1 due to unpaid shipping charges. Please confirm payment of €4.36. Confirm delivery.” Poi c’è il solito testo per metterci fretta: “Se spese di spedizione non viene pagato entro 48 ore, annulleremo la consegna“.
In quest’ultima parte del messaggio si svela la truffa: i link a scadenza, e soprattutto il testo in italiano non corretto, sono entrambi sintomi chiari e frequenti di un tentativo di raggiro.
Come difendersi dalla truffa del corriere espresso
Purtroppo di messaggi del genere ne vengono inviati ogni giorno milioni in tutto il mondo. La nuova truffa del finto corriere BRT è solo l’ultima, ma domani ce ne sarà già un’altra.
Per difendersi bisogna imparare a riconoscerle:
- Controllare l’indirizzo email da cui proviene il messaggio
- Non cliccare su link “a scadenza“
- Controllare l’indirizzo della pagina sulla quale veniamo portati per il pagamento
- Mai pagare se non abbiamo la certezza di cosa stiamo facendo