Sociations on parcel delivery (update)

When customers make us these kinds of feedback, our cybersecurity teams go up the thread and put an end to the sender but it is often endless. The post office

La Poste, Colissimo. Watch out for this new package

A new phishing technique landed at the end of August. The crooks ask the victims to pay “reprogramming costs” to receive the package.

A New scam arrived on the market. This time she hides behind LPackage for which it is asked to pay ” Reprogramming costs “Up to one euro to receive his property.

But beware: this is indeed abouta scam, that of phishing at the package.

“It happens regularly unfortunately, especially at the end of the year there are more packages to deliver,” laments La Poste.

When customers make us these kinds of feedback, our cybersecurity teams go up the thread and put an end to the sender but it is often endless.

The post office

How’s it going ?

The scenario of this scam is simple. Criminals contact their victims by email under the label of a delivery company as La Poste or Colissimo For example. They tell them that a package intended for them is blocked at the warehouse. To unlock it, you must therefore pay “reprogramming costs”.

A sum which must be paid within 24 hours, as pointed out in a victim to Numerama.

Without this, the package may never happen safely.

By clicking on the link to give this information, the victim is redirected to a telephone resale site as our colleagues have spotted, either No relation to the delivery company. And if she enters this information in a form, she subscribes to a third -party service.

Videos: Right now on news

On social networks, it is not uncommon to find the testimony of a few victims: “I was ripped off at Christmas last year with this reprogramming to one euro. I was urgently waiting for a package, in the eagerness with the job, I validated. And yet I am very vigilant. Which led to an automatic subscription to an Esalon site … Automatic direct debit every 15 days of 18 euros… ”.

What is phishing ?

PHISHING, also called “Hames” is a technique used by crooks for personal information (contact details, passwords, financial data, etc. )). Generally, it is through an email that the victims of this scam are defrauded. The criminal then uses this information to usurp the identity of the person or even buy products online.

How not to be fooled ?

If everything suggests that this request is real (in particular the follow -up number indicated in the email), Some clues reflect the scam.

First, the tracking number changes as soon as we click on the form and the page that appears has nothing to do with delivery as we explained above.

Then it takes Check the sender’s email address well “There, it rarely deceives,” says La Poste, who recalls that she never asks customers awaiting delivery of a package of bank details or secret code by phone or email.

For its part, the DGCCRF (Directorate General for Competition, Consumption and Fraud Repression) advises to use “different and complex passwords for each site and application” and to contact the organization concerned directly.

Follow all the news in your favorite cities and media by registering for my news.

• Share on Facebook
• Share on Twitter
• Share by email
• Copy/paste the copied link ! https: // news.FR/SOCIETE/LA-POSTE-COLISSIMO-ATTENTIAL-A-CETTE-NOUVELLE-ARNAQUE-AU-COLIS_44563508.html

Za du Chateau Delivery

Cybermalvence.gouv.en analyze this threat and give you his advice to face it.

1. What is it about ?

This type of fraudulent message enters the cybermalveh category called thePhishing (phishing in English) which aims to usurp the identity of a brand or an organization known to encourage the victim to provide personal or confidential information.

In the case of scams on the delivery of packages, the victims receive a message (E-mail or SMS) which seems to come from existing transport companies such as La Poste, Colissimo, DPD, Chronopost, UPS or fictitious (IPS / International Parcel Service).

Email has for example for subject “” Your order has been sent »», “” Package awaiting instruction »» or “” Your package nº6q02864xx33 is awaiting delivery »»… As for messages received by SMS, they generally display a sender name that can suggest that they really come from a delivery service. When a sender phone number is displayed, this is a French or foreign mobile phone number or, sometimes, a short 5 -digit number starting with 38 that looks like those used by real services delivery.

This message, which usurps the identity of a real or fictitious delivery company, announces thatA package must be delivered but that it remains to pay a sum of money to make it arrive at destination, with very often a mention indicating that it should not be long in making the payment. The small amount claimed, up to a few euros, evokes for example a lack of emancipation, shipping or shipping costs remaining, payment of taxes such as VAT, customs or customs clearance fees, etc.

To make this payment, the victim is invited to click on a link contained in the message which redirects it to a fraudulent website. This usurpes the identity of the delivery company, by sporting or diverting its logo and its name, and gives information on monitoring the package. So many elements that aim to trust the victim to better deceive him.

On this website created by crooks, personal information can be requested: identity, postal or electronic address, telephone number .. He is subsequently asked the victim to enter her bank card contact details to pay the alleged delivery costs.
By filling out this form, the victim transmits his personal and banking information to the crooks who can make fraudulent use of it. They will seek for example to use these banking contact details themselves to make purchases or resell the information collected from other cybercriminals that will make use of it in turn.

This particularly tied operating mode is turned in such a way that he can be fooled both by a person who awaits the reception of a package as another person who has sent a.

Examples of fraudulent websites of scams on the delivery of packages:

Other types of scam related to the package on the delivery of packages

Cybermalvence.gouv.FR has identified several other variants of scams that start with a fraudulent message announcing the delivery of a package:

1. Cybermalvence.gouv.fr regularly observes messages (emails) announcing a delivery which contains a attachment file whose opening installs a virus allowing, for example, the crooks to take control of the victim’s device. Likewise, it has been identified messages (emails or SMS) containing a Link leading to the installation of a virus or the display of a false alert encouraging to enter connection identifiers On a phishing page (phishing).
Be vigilant, do not open the attachments or the links of a message that seems doubtful to you because unexpected or coming from an unusual sender.

2. Another cybermalveh following fraudulent messages on delivery of packages is the scam with false computer repair, also called False technical support scam. Once you have clicked on the link contained in the message, a Anxiety -provoking alert screen blocks your device by indicating a serious technical problem or a virus and you are Contact urgently by phone an alleged official technical support (Microsoft, Apple, Google, etc.) who will try to convince you to pay for a remote pseudo-peerage. Do not call this number ! All our advice to deal with this threat.

3. Another variant starts in the same way as the package on the delivery of packages, but this time leads to a fraudulent website that announces that you have won a lot (a mobile phone or a video game console for example). To receive this “gift”, you are invited to enter your personal information and your bank details in order to pay a small sum of money, a few euros depending on the reported case, corresponding to the payment of the costs. Be careful and read the mentions present on these pages ! Indeed, by filling out this form, You will give your consent for subscription to a subscription to services whose real content is very little or not detailed. The cost of this subscription can amount to several tens of euros per month. The termination of this type of subscriptions can be very complicated by the fact that the companies with which they are subscribed are domiciled abroad.

Summer 2022: new campaign of fraudulent sms on parcel delivery

Cybermalvence.gouv.fr observed since the summer of 2022 of Massive waves of sending SMS announcing the delivery of a package particularly aggressive and making many victims. The received SMS contains a link which, once clicked, displays an alert message.

On an Android phone, the alert message encourages a supposed update of the Chrome browser which is actually a malicious application (virus). Once installed, this virus is able to carry out various malicious actions: sending SMS en mass sometimes surcharged, theft of passwords ..
Cybermalvence.gouv.en recommends that victims of this threat to apply the advice of his article dedicated to computer viruses.

Examples of SMS and campaign alert messages 2022:

2. How did they have your email address or phone number ?

To get your email address or phone number, crooks can use different methods such as bans, which is a fraudulent technique intended to lure the internet user to encourage him to communicate personal information (identity, passwords …) by sending him a usurping message the identity of a third party. Number of This information circulates between cybercriminals in the form of files that they exchange or resell.

Moreover, Your email address and phone number already circulate on the internet. Indeed, you have already entered them on different websites or use them regularly to identify and communicate. These sites have sometimes sold or exchanged their email address files with different partners, some of which are unscrupulous, in marketing objectives. These address files are sometimes also stolen or recovered by cybercriminals To be used in fraudulent campaigns, for bans attacks, like the scam on package delivery.

3. What if you receive a scam message on parcel delivery ?

Beforehand, know that Delivery companies will never ask you by SMS or by email any payment to receive a package. For example, The post office informs on her website that she ” You will never ask you to pay to remove a package by SMS or by email ”. Likewise, Chronopost specifies that he “Don’t ask you ID card nor shipping cost For deliveries in France ”.

1. In doubt, contact the delivery company concerned directly to confirm the message you received. If the company tells you that it is not behind the sending of this message, consider that this is a scam attempt.

4. And if you are the victim of the scam on the delivery of packages ?

1. In doubt, contact the real delivery company. You will find its contact details on its official website.

Depending on the case, the following offenses can be retained:

• Scam (article 313-1 of the penal code): the scam is the fact, either by the use of a false name or a false quality, or by the abuse of true quality, or by use fraudulent maneuvers, to deceive a natural or legal person and to determine them thus, to their damage or to the damage of a third party, to put back funds, values ​​or any property, to provide a service or to consent to an act operating obligation or discharge. Crime punishable by a prison sentence of five years and 375,000 euros fine.

• Collection of personal data by a fraudulent, unfair or illicit means (article 226-18 of the penal code): such a collection constitutes a crime punishable by a prison sentence of five years and 300,000 euros fine.

• Counterfeiting and fraudulent use of means of payment (Articles L163-3 and L163-4 of the Monetary and Financial Code): crime punishable by a prison sentence of seven years and 750,000 euros fine.

Initial publication: February 03, 2021

Read also :

Beyond the scam on parcel delivery, cybercriminals are increasing attempts at scam in connection with online trade, especially during promotional periods. False announcements or promotions, false orders, false merchant websites, phishing (phishing) by SMS, telephone or email (email), false after-sales service … Find our 7 Tips to avoid being defrauded.