In the name of Posti, there are scam messages circulating to fish for payment card information.
There are fraudulent messages circulating in the name of Posti. Posti / Kimmo Rousku
Mail scammers seem to be active again. There are scam messages claiming that the recipient’s package has been left behind at customs. The recipient will be asked to pay a small fee in order to continue the delivery.
General secretary and ICT expert of the digital security management group of the Digital and Population Information Agency Kimmo Rousku shared on his Twitter account a picture of the scam message he received. The message shows how to get the recipient to open the link from the “finish your shipment” section.
The entire message reads as follows:
Dear Customer,
We regret to inform you that the delivery of your package is not yet ready and this will cause some additional costs.
Fill in the following amount: €3.50.
Otherwise, we will continue the return shipment.
The estimated delivery date is: 12 September 2022.
Additional costs: Customs fees.
Complete your submission >
Thank you for using the Posti Group Oyj service!
In addition to this, an official-looking text has been added to the end of the message in an attempt to make the message seem more authentic.
The link in the message leads to a phishing site, which may seem genuine at a quick glance: the address starts with “tarkista-posti-fi…” and the site uses the logo of the posti application. Through the site, criminals try to get the victim to fill in their credit card information. It is possible that filling in the information will result in an order. What is certain, however, is that the filled-in information ends up directly with criminals.
– If you enter the correct card information there, then you will be asked for the two-step identification code that came to the phone, apparently it depends on the payment card used, writes Rousku in the Twitter thread.
The scam message in question is a good example of how criminals have become constantly more skilled. The language used in scam messages is smoother, and there are not many typos either. Messages use elements that make them seem more authentic. These include, for example, logos, polite and directed conversation, signatures, and additional information and data protection statements. Real package tracking codes can also be used in messages.
You should be really careful with messages and text messages that arrive in your e-mail. Criminals falsify the sender’s information so that the messages can look really genuine. Scam text messages can again enter genuine messages into already existing conversations.