Contacts
Screenshot 2024-11-14 at 17.32.54

New Correios SMS Scam

Last week, an old scam began circulating again in Brazil with significant force. Scammers send fake messages in the name of Correios (Brazilian Postal Service), claiming that a package is being held at customs. Numerous reports of people who received these fraudulent SMS messages have been widely publicized, highlighting the need for awareness and prevention.

How the Scam Works

The scammers send an SMS message posing as Correios, informing that a package is being held at customs and requires a fee payment for release. The message includes a link that leads to a fake website, where the victim’s personal and financial data are requested.

Details of the Criminal Scheme:

  1. Malicious Link: The message contains a link that directs the victim to a fraudulent website, often visually identical to the official Correios website, stating that the package is being held pending fee payment.
  2. Data Request: On the fake site, the victim is induced to enter personal data and financial information under the pretext of generating the payment method. This data is stored by the fraudster, who can use or sell it.
  3. PIX Code Generation: After entering the data, a PIX code is generated for the victim to make the payment.
  4. Information Theft: Once the victim enters their data, scammers use it to commit financial fraud or even sell it on deep and dark web channels.

Impact and Risks

Users who enter their data or make payments generated on the scam portal may have their personal and financial information stolen, resulting in financial losses and compromised personal security.

How to Protect Yourself:

  1. Message Verification: Be suspicious of messages requesting payment or personal information.
  2. Official Websites: Always use Correios’ official website to check the status of your packages.
  3. Content Analysis: When accessing the website, carefully verify the information presented. Many of these sites already have a tracking code inserted that certainly isn’t for your package.

How Vydar Can Support

Vydar, our Generative AI-based Threat Intelligence platform, offers various tools and services that help prevent and mitigate scams like this. In addition to advanced and continuous threat monitoring, the platform identifies attack patterns and vectors, providing valuable and detailed insights about the tactics used by scammers.

Using Vydar, our team has already identified over 200 URLs related to this scam in a short period. However, this number continues to increase rapidly, indicating that the scam is expanding significantly.