Bitdefender cybersecurity researchers spotted since August 8 a new phishing campaign impersonating the Romanian Post. Attackers send malicious, deceiving messages designed to trick recipients into paying an additional tax to receive a parcel.
The new Phishing campaign has already reached thousands of unsuspecting people
Thousands of fraudulent emails that notify people that their parcel couldn’t be delivered due to non-payment of a 3,54 RON customs duty were sent out since last Sunday, targeting Romanian citizens. The IPs they were sent from appear to be located in the US.
The message urges targets to access a link to complete the payment and confirm the shipment of the parcel. After clicking on the link, the victims provide the attackers with their bank account details, which hackers can then use to steal from compromised accounts.
The new phishing campaign tries to trick recipients with the email in the image below:
Ironically enough, the scammers even thank the victim for their trust at the end of the message.
It’s worth keeping in mind that throughout 2020 and this year, Bitdefender’s IT security specialists have identified similar fraudulent email campaigns falsely claiming to have been sent on behalf of courier companies amid growing demand for such services.
The Romanian Post warned millions of Romanian people of the new Phishing campaign
According to the notifications posted over time by the Romanian Post, the company only communicates with customers through the official email addresses (firstname.lastname@example.org, email@example.com) and does not request the payment of customs duties through such messages. The company also does not require customers to provide passwords, personal data, card numbers, or other bank account information.
The Romanian Post warned Romanians about the recent fraudulent emails through a recent Facebook post.
6 Recommendations and Precautions against Phishing
Considering the growing number of phishing attacks, here are a few recommendations and tips to help you avoid becoming a victim:
- Use the courier company’s official website directly to track deliveries and avoid being directed to it from an email or message of uncertain origin.
- Verify potential additional delivery taxes directly with the courier via a phone call.
- Use your work computer only for work purposes and avoid installing apps or any other software for personal reasons on it.
Fight Phishing Attacks with ATTACK Simulator’s Security Awareness Training
A fraudulent campaign such as the recent one impersonating the Romanian Post impacts companies much more heavily than individuals. It can cause them a great deal of financial damages or even force them to close.
Humans are the weakest link in the chain that scammers prey on. That is until you provide them with comprehensive online security knowledge and the best practices they should stick to.
The best way for your employees to learn to detect and fend off a phishing attempt is to experience one hands-on. Mistakes are really the best teachers. Therefore, your employees will be exposed to real-life simulations. The purpose of these simulated attacks is to help your staff develop efficient defense mechanisms and acquire valuable decision-making skills.
Here at ATTACK Simulator, we put ourselves in the attacker’s shoes as we believe that understanding their thinking and actions is vital in designing an accurate simulation.
Here are some of the perks of choosing us:
- Automated attack simulation – we simulate all kinds of cyberattacks: phishing, malware, ransomware, spear-phishing, identity theft, online privacy attacks, online scams etc.
- Real-life scenarios – we evaluate users’ vulnerability to give company-related or pesonal data away using realistic web-pages.
- User behavior analysis – we gather user data and compile it in extensive reports to give you a detailed picture of your employees’ security awareness level.
- Malicious file replicas – our emails contain malware file replicas, to make the simulation as realistic as it can be.
- Interactive lessons – if employees fail to recognize our traps and fall into one, they will be redirected to landing pages with quick reads on the best security practices.
- We impersonate popular brands on our simulated phishing pages – the user will be more tempted to click on the URL or open the attachment in the email.
As security awareness training is not a one-off undertaking, we believe that practice makes perfect, and testing should occur regularly, as cyber threats never cease to exist and evolve. Therefore, we are ready to offer you a long-term security awareness training solution tailored to your business’s needs. Also, our long-running training solution keeps your employees on edge, helping them develop new security-oriented reflexes.
Never leave till tomorrow that which you can do today. Request your quote here.