What is phishing and how does it work?
Phishing is a technique used by cyber criminals which consists of tricking people by posing as a legitimate company or service. The ultimate goal is to obtain our personal passwords, install malware on our devices or steal our money.
Cyber criminals use various channels to carry out phishing: email, SMS (smishing) or telephone calls (voice phishing or vishing). Although different channels are used to reach the end goal, the technique is always the same: impersonating trusted organisations to trick the victim into performing certain activities.
Ultimately, what cyber criminals do is throw a hook into the digital ocean to see if any of the hundreds of fish swimming there take the bait.
Why do they use the Correos image?
Correos is one of the main Spanish companies in terms of size, presence, human capital and physical and digital infrastructure. As the main parcel service in Spain, Correos has become a common target for cyber criminals to impersonate when carrying out phishing attacks, with a request for payment or to complete a delivery address in order to receive a parcel being the most commonly used ploys.
What can I do to avoid it?
If you're not expecting a parcel and you receive a suspicious email or SMS, there's usually no doubt that it's a scam. But if you are expecting something, doubts can creep in, since cyber criminal techniques are becoming more and more sophisticated and it can be difficult to know whether the email you have received is a legitimate one from Correos.
So, whenever you receive this type of email or SMS, you should always ask yourself this very simple question: are you expecting a delivery, are you a Correos customer, or are you signed up to a Correos service? If you're not expecting any packages or deliveries, you're not a customer and you're not signed up to any services, ignore the email or SMS and delete it.
If, on the other hand, you are expecting a delivery or you are a Correos customer, you might be tempted to do what you're being asked to because you're worried that if you don't, you won't receive the package you're expecting. For this reason, it's very important to remember that Correos will never ask you for personal information, bank details or for you to carry out bank transactions by email or by text message (SMS).
General advice to protect yourself from fishing