An interesting message has arrived in your spam folder. It claims that Czech Post cannot deliver a package because the postage still has to be paid. If you look at the details in the following image, you will certainly notice various warning signs that the sender was someone else. Even so, this fraudulent e-mail is quite successful and many people may click on the link. We tried it to see what would happen.

The email has arrived in spam, but it looks pretty believable

Gmail correctly identified the email as suspicious and immediately placed it in the spam folder. The offer to translate it from Thai into Czech may also warn you. So may the first two sentences, between which a Czech speaker would write a comma instead of a full stop. Otherwise the message is believable, the address belongs to Czech Post, and so a click is not far away.

But the address is just text; the link itself leads elsewhere. Hover over the link and the real target appears in the lower left corner of the browser, or look it up in the developer tools. But not everyone will notice.

The actual link leads elsewhere, not to the displayed address

After clicking, a page that looks like the Czech Post website will open. Here, too, there are various warning signs: broken Czech in places, slightly off styling, strange English links at the bottom of the picture. Still, many people might think they are on the right site.

If you squint, it looks a bit like the Czech Post website

And here it is: after you fill out the introductory form, the site wants your credit card information. The address bar shows a valid SSL certificate, albeit for an address that should itself warn you that this is not Czech Post. Also, the label "Expiration date" is not exactly the most accurate translation of the card's expiration date.

But we still act as if we notice nothing and fill in the payment card details. It is a newly created virtual debit card at Revolut with a payment limit set at CZK 1. The page then asks for the code that should have arrived by SMS.

This dialog is the reason the fraudsters do all of this. They want your credit card

The code did not arrive by SMS (not least because the phone number was made up), but it was sent in a Revolut message. The scammers also want to use the card for payments in Google Pay.

We enter the code, because no payment can go through beyond the card limit, but the page shows it as incorrect. In Revolut, meanwhile, we already see that the fraudulent merchant has verified that the card is active.

Virtual card in Revolut • SMS that arrived • Confirmation of card verification

That is all for today. We are curious where our card will turn up in the future and where they will try to pay with it. We will update the article then.

How to avoid email scammers

  • Be suspicious. When something doesn’t seem right to you, trust your intuition.
  • Read such e-mails carefully; skimming them quickly is not enough. You will often come across strange wording that can serve as another warning.
  • Real companies usually do not include active links in their messages. It is safer to copy the displayed address and paste it into the browser via the clipboard.
  • Once you have clicked the link, check the address of the page you have landed on.
  • Again, pay attention to the details on the page, especially the language.
  • Do not enter credit card information in forms on suspicious sites.
  • Learn how to quickly block a payment card via internet banking or an application.
  • Use virtual (easily cancellable) or even one-off payment cards for online payments, if your bank offers them.
  • Set appropriate payment limits on the card. It is better to raise the limit from time to time when necessary than to leave an unnecessarily large reserve that fraudsters can then use.