Christmas is here and with it, online purchases and parcel flows increase. But also cybercrime threats.

The security company Kaspersky has discovered a phishing campaign that affects Spanish users, as attackers impersonate the identity of Correos to try to gain their trust and end up stealing their bank card details.

The pretext they use is an alleged delay in the delivery of a package . The title of the email is the phrase «Your shipment is on its way» and in the body it explains that the delivery could not be made because the shipping costs were pending payment . Add a link that directs the receiver to different screens that mimic the identity of Correos, using its logo. In the first request a payment of 1.79 euros and, in another, it simulates the validation of the data.

Although the sender claims to be Correos Customer Service, the address does not match the real one. This should be clue enough to dismiss the email .

Experts also recommend reviewing the text. If it contains spelling mistakes, it will not be official. Clicking on links and opening attachments is discouraged. It is best to go directly to the company page from the browser.

Between November 25 and 28 , Kaspersky systems detected about 930 messages of this type that tried to scam the most unsuspecting users.

«Cybercriminals are taking advantage of the growth in online purchases made during these days on the occasion of Black Friday and Cyber ​​Monday to collect personal and banking information from the most naive shoppers,» explains Dani Creus, Senior Security Analyst for the Kaspersky Research and Analysis (GReAT). «Situation that is complicated also due to the extraordinary pandemic situation that we are experiencing.»

“It is necessary to increase caution, especially now in the face of the Christmas shopping season, where this type of practice will again intensify,” says Creus. «We urge all users to take extreme precautions to detect these emails of suspicious origin. Falling into the trap of this type of scam opens the door to various malicious operations, from stealing money to putting corporate networks at risk, if it is done from the company’s email. ”