Fraudulent e-mail, which imitates Czech Post, is spreading among Czech users. Phishing campaign captured by Avast and states that he is still active. The campaign is captured by detections HTML:PhishingPost-B, HTML:PhishingBank-CSQ a URL:Phishing. Attackers are using a service from Google to redirect to a fraudulent site, Avast has already informed the company.
“A fraudulent email alerts users to an uncollected package and prompts them to make a payment on the referring website. The verification process consists of making a control payment of the alleged amount of CZK 1. The same site is located on several newly registered domains. Some of them even lack a security certificate. The design of the website is very similar to the design of the Czech Post website. However, most of the links on the page do not work, and if the user clicks on them, they will receive an error message 404. Some links, on the other hand, redirect the user to the real Czech Post website. The main content of fraudulent sites is the form for entering payment card details. After entering this data, the user will see an animation simulating data processing. Subsequently, a new form for entering the verification code from the sent SMS message will be loaded on the page, ”explains Avast analysts.