Home sci-tech 'Unsuccessful delivery attempt': how fraud using fake email works …


'Unsuccessful delivery attempt': how fraud using fake email works …

by ace
'Unsuccessful delivery attempt': how fraud using fake email works ...

If you have any questions about information security (antivirus, hacking, cybercrime, data theft, etc.), send an email to g1seguranca@globomail.com. The column answers questions left by readers on Thursdays.

1 of 1
 Fake email with fraud on behalf of the Post Office – Photo: Reproduction

Fake email with fraud on behalf of the Post Office – Photo: Reproduction

Post delivery attempt email

I received an email supposedly from the post office. I opened it to read, because I didn't know what it was about. I clicked on the part that directed me to the link on the supposed post office page, where once again I clicked on a part on a form and the download started. Meanwhile, irritated, already suspecting that it could be a scam, but very intrigued, I still responded to the sender of the e-mail asking how he had access to my e-mail. After all, I hadn't provided the address or made any purchases to receive an order.

Afraid, I canceled the download, deleted the history, and the email received. But, I'm still afraid that in the meantime my tablet has already been infected, and they are already having access to everything I have on it: photos, social media accounts, WhatsApp, educational sites, Google, or even e- mail … Should I reset my tablet? How to proceed? – Cleize

This email you received, Cleize is certainly malicious. But that does not mean that your tablet and your data are at risk. But, before understanding the risk for your tablet, let's understand the fraud itself and why you received it.

Criminals collect email addresses from every corner of the internet. If you released your email somewhere, it will certainly enter the mailing lists that criminals collect to trigger this type of fraud. Even if you use e-mail only in a restricted way, criminals can obtain your address from a friend of yours who fell into one of these scams or from data leaks (a store that was attacked and leaked the e-mail addresses of registered customers , for example).

In other words, receiving messages like this is normal and, unfortunately, is part of "life" on the internet. Hackers send these emails to thousands or even millions of people at once, so don't imagine that you were specifically chosen by the criminal.

The purpose of e-mails is to attract your attention – as you said very well, to leave the victim "intrigued", curious (or scared, in some cases), to click on the message.

The more a message incites some sense of "urgency" or "curiosity", the greater our care must be, because the purpose of this type of message is precisely to "turn off" – at least temporarily – our perception of danger.

Themselves Post offices have already warned of this type of fraud, clarifying that they do not send emails without authorization. This blog has also talked about these fake emails in 2016, so this is a very old "bait" in the criminals' repertoire.

But, if this is really a fraudulent email, why is it possible that your tablet is not in danger?

The answer is that most of these scams do not attempt to attack Android or iOS tablets. In general, they only target Windows devices (PCs, notebooks and tablets). Seeing the screenshots you sent, it looks like you’re using Android, which would be off the target list.

On Windows computers, opening the fraud link contaminates the system with a thief of information and passwords. Any password, information and credit card entered on the computer will be at risk. On Android systems, the file is usually incompatible and cannot be opened.

That said, as you interacted a lot with the fraud, it is also valid to "reset" the tablet, restoring the factory settings. But that would be just an extreme precaution. The most likely thing is that nothing has happened and that all your data is safe, but you cannot be sure without a thorough analysis of the fraud.

It is up to you to choose whether the precautionary measures are worth taking. I usually already have backups of my files, so "resetting" a phone or tablet does not cause me any inconvenience.

Finally: never respond to fraudulent emails. In many cases, the answer will not reach criminals; however, if it arrives, you will at the very least be confirming that you are a potential victim of further fraud.

Data sharing

A finance company specialized in public servants sent me an email (which is not the functional one) offering a loan. I would like to know how can I know if it was the paying bank that provided my data. – Jamile

Currently, Brazilian law is very lenient when it comes to data processing. There is no legal provision to trace the "origin" of information. Even companies that record the source of the data rarely keep that record forever. That is, you can end up in a situation where the trail simply "disappears" at a given time.

Our legislation will be updated with the General Data Protection Law, which was due to come into force in August 2020. However, a Provisional Measure postponed the date to 2021.

Until then, we have few legal resources to understand how our data circulates between companies.

You can try to question how the finance company got your email, but it would be wrong to say that the finance company acted irregularly just by sending an email. Companies can be held responsible for losses resulting from the irregular use of data, but Brazil has no law on sending unwanted e-mails (spam), and it is difficult to say that receiving a promotional e-mail is a "loss". Furthermore, the LGPD is also not going to change this scenario.

If you are suspicious of a specific organization (the paying bank, in this case), it is worth checking the contract and checking if there is any authorization to use your data or share data with third parties.

Since law enforcement always depends on specific cases, you can seek the assistance of a lawyer.

Questions about digital security? Send an email to g1seguranca@globomail.com


Related Articles

Leave a Comment

10 − four =

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More