This email from Correos is a scam to empty your checking account | Technology

If you have received this email from Correos, delete it: it is a phishing campaign with the aim of stealing your financial data to empty your checking account.

Phishing campaigns that impersonate Correos are quite common. Considering the rise of e-commerce, which in the new normal has seen a more pronounced growth, cybercriminals know that users are now more aware than ever of postal shipments. For this reason, using the postal company as a hook have a better chance of success than supplanting other companies.

If you want to avoid being a victim of phishing, the National Institute of Cybersecurity (INCIBE) has alerted of a new scam that you have to be aware of. Is about a new campaign that sends a fake email supposedly on behalf of Correos, whose sole purpose is to steal your personal and financial data to empty your checking account.

The mechanics of this scam are similar to what we have seen on other occasions. The criminals forward the fraudulent email to the victim, where the message indicates that the user has a package in their name waiting at the office to be picked up.

The email explains that, because the package could not be delivered, due to the delay it is necessary to pay an amount of 2.99 euros. Since it is a low amount, it seems reasonable that it corresponds to the costs of the service, so the victim is not suspicious and believes that it is a real claim.

The message contains a button to request the delivery of the package that leads to a false page that impersonates the legitimate website of Correos. As you can see in the screenshot above, the design is quite successful, so a priori the victim does not have to suspect anything.


Phishing is one of the techniques most used by cybercriminals to gain user credentials. We show you some tricks that phishing uses to trick users into stealing their personal data by making them believe they are on a legitimate page.

The form requests the user’s bank card details: name and surname, card number, expiration date and CVV. Below is an illegitimate page that pretends to be a Redsys payment gateway, where the victim is asked to enter the password that has been received by SMS.

If you provide all this data, it will be in the possession of cybercriminals, who will use it for malicious purposes and they could empty your checking account or make purchases on your behalf, to give a few examples. If you have fallen into the trap, contact your bank as soon as possible to report what has happened and cancel your card.

Leave a Comment