Small investigation: phishing campaign in Spain

If you have spent any time in Spain, you will have heard about Correos, the local postal company. Yesterday, I received an SMS with a message stating that I needed to pay a fee for a parcel.

SMS from fake Correos

I wasn't expecting any parcels, but I had heard from my colleagues about this kind of phishing campaign. I was actually relieved to receive this message because now I had an opportunity to start my small investigation!

What did I know about this phishing campaign? It begins with SMS messages being sent to random Spanish phone numbers. It absolutely doesn't matter which operator you use. In the message, you are informed that you need to pay fees for your parcel. When you visit the link, you are directed to a fake Correos website. This campaign can be successful when you are genuinely expecting a parcel and don't pay attention to security.

Firstly, I initiated a VPN connection and started a virtual machine because it's a bad idea to visit malicious sites from your local system. This link makes every cybersecurity professional suspicious, but I believe that people who are not well versed in IT can become victims of this.

Phishing Correos website

The website looks identical to the real Correos site, with similar colors and design, but the quality is poor. The subsequent steps are typical for scam sites: you need to input your bank card information, send it, and wait for a "Success" message. An interesting fact is that my first attempt at providing data was unsuccessful, and the data was only "accepted" on the second try. This suggests that it may be scripted to ensure that the victim sends and confirms their data twice.

Card data form on phishing website

Another intriguing aspect is that the site had an emulation of SMS code verification, but, of course, any numbers you provide will be accepted.

I decided to check the domain name through a WHOIS lookup. This address was registered in 2022. It's possible that someone bought it, hacked it, or it was registered a long time ago with fake data. I went through the information and found registrant details and contacts.

Whois of phishing domain

I know that this may not be very effective because hackers often register millions of phishing domain addresses or use hacked sites for phishing, but I sent a message to the registrant regarding the phishing incident. After some time, the site was blocked. I hope I was able to help someone in Spain protect their credit card information and money.

In conclusion, I would like to present 15 points that will help you significantly reduce the risk of becoming a victim of phishing campaigns and protect your bank card information from unauthorized access:

  1. Beware of Suspicious Emails: Be cautious when receiving unsolicited emails, especially if they ask for personal information, financial details, or contain urgent requests. Check sender email addresses for legitimacy, and look out for spelling and grammar mistakes.

  2. Verify the Source: If you receive an email or message from an organization requesting sensitive information, contact them directly using official contact details to confirm the request’s authenticity.

  3. Use Multi-Factor Authentication (MFA): Enable MFA whenever possible for your online accounts. This adds an extra layer of security by requiring additional verification beyond just a password.

  4. Keep Software Updated: Regularly update your operating system, antivirus software, and web browsers. Cybercriminals often exploit vulnerabilities in outdated software.

  5. Educate Yourself: Understand common phishing tactics, such as spear-phishing, CEO fraud, and deceptive website URLs. Familiarize yourself with phishing warning signs.

  6. Check Website URLs: Always double-check website URLs before entering personal or financial information. Ensure the website has “https://” and a padlock icon in the address bar for secure connections.

  7. Use Reliable Security Software: Invest in reputable antivirus and anti-phishing software to protect against malicious websites and emails.

  8. Be Cautious with Pop-ups: Avoid clicking on pop-up ads or windows that ask for sensitive information. Legitimate organizations typically do not request this through pop-ups.

  9. Limit Sharing on Social Media: Be cautious about the personal information you share on social media platforms, as cybercriminals may use this information for targeted phishing attacks.

  10. Regularly Monitor Bank Statements: Review your bank and credit card statements regularly to detect any unauthorized transactions. Report any suspicious activity immediately to your bank.

  11. Use a Dedicated Email Address: Consider using a separate email address for financial transactions to reduce the likelihood of receiving phishing emails in your primary inbox.

  12. Enable Account Alerts: Set up alerts for your bank and credit card accounts to receive notifications for any unusual or large transactions.

  13. Secure Wi-Fi Networks: Ensure that your home Wi-Fi network is password-protected, and avoid conducting sensitive transactions on public or unsecured networks.

  14. Trust Your Instincts: If something feels off or too good to be true, it probably is. Don’t hesitate to verify the legitimacy of any request before taking action.

  15. Regularly Back Up Data: Keep backups of important data, so you can recover it in case of a cyberattack.
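Tip 6 applied to the kind of SMS described in this post, as an added example that is not part of the original investigation: it pulls the link out of a message and checks the host itself, not just the `https://` prefix. The allowlist (`correos.es` only), the sample message and the `envio-tasa.example` host are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: the only domain treated as genuine here is Correos's public site.
OFFICIAL_DOMAINS = {"correos.es"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed sample message; envio-tasa.example is a made-up host.
SAMPLE_SMS = ("Correos: your parcel is on hold. Pay the fee at "
              "https://correos.es.envio-tasa.example/pago")


def check_link(url, official=OFFICIAL_DOMAINS):
    """Return (verdict, reasons) for one URL taken from a message."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()
    reasons = []
    if parts.scheme != "https":
        reasons.append("not https")
    if parts.username is not None:
        reasons.append("text before '@' is not the host")
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode label (possible look-alike characters)")
    if re.fullmatch(r"[0-9.]+", host) or ":" in host:
        reasons.append("raw IP address instead of a domain")
    # Genuine means the official domain itself or a subdomain of it,
    # so the official name must sit at the END of the host.
    on_official = any(host == d or host.endswith("." + d) for d in official)
    if not on_official:
        brands = {d.split(".")[0] for d in official}
        if any(b in host for b in brands):
            reasons.append("brand name inside a non-official host")
        else:
            reasons.append("host is not an official domain")
    verdict = "official" if on_official and not reasons else "suspicious"
    return verdict, reasons


def triage_sms(text, official=OFFICIAL_DOMAINS):
    """Check every http(s) link found in a message body."""
    urls = (m.rstrip(".,)") for m in URL_RE.findall(text))
    return {u: check_link(u, official) for u in urls}


if __name__ == "__main__":
    for url, (verdict, reasons) in triage_sms(SAMPLE_SMS).items():
        print(verdict, url, reasons)
```

The sample link uses `https://` and starts with the real name, yet it is flagged because the registrable part of the host is a different domain.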

Please be cautious and stay secure!