I know many people I talk to mention they have received An Post scam messages. These have increased dramatically in the last couple of years. Thank you Brexit! Over the weekend I received a new twist on it. An An Post scam email that was as Gaeilge (in Irish).
The email itself ended up in my spam/junk folder. However, not everybody uses the same email platform that I do. Chances are, because it is in Irish, it might bypass such protective systems.
What did the An post scam email look like?
Here is the email that I received:
For those of you who haven’t got the cúpla focail, it translates as:
An error occurred in the delivery process
You have a package that needs to be delivered, but it has been put on hold due to an incorrect delivery address.
Edit your personal information and add a valid shipping address to complete the delivery process.
• Tracking number: DA053884562IE
• Re-delivery fee: €1.99.
• Date: 25/03/2023
This is an automated message, please do not reply.
Attention : If you do not update your details and enter a valid shipping address within 3 days of receiving this message, we will return this package.
I had to laugh at the last line there – An post translates to “The job”. 🤣
What happens if I made a mistake and clicked the button?
You would be brought to a website, that looks remarkably like an An Post website. In keeping with the theme of the email, it will all be in Irish. On this page you would be asked to enter lots of personal data, including payment card information. I’ve translated the various input fields in red in the image below:
One interesting thing here is that the links at the bottom of the page are all genuine An post website links and will take you to the genuine site and social media channels.
I can’t read Irish. Sure how would I know what I’m being asked for?
You mightn’t be able to translate that website. Your browser probably can and so it can be easy to potentially fall victim, particularly where you are waiting for a package to be delivered.
Is there anything that gives this away as a scam?
If this was for a genuine shipment, with some missing address data, they should show you what address information they do have and allow you to correct it. So that is the main giveaway to me.
People like me (a security nerd) will examine the address bar of a website. I know some trainers tell people they need to examine this themselves. However, that’s terrible advice, as most normal people will never do that on a consistent basis. Not only that, how can I be completely sure that this address is not correct? “anpost” is mentioned a couple of times, as well as the .com portion. Website addresses are hard sometimes:
Another big giveaway here is the “Not secure” warning. If you EVER come across that on a website, DO NOT enter any data on that website, no matter whether you think it’s a genuine site or not. Anything you type will not be transmitted in a secure manner.
HOWEVER, the scammers could easily set the website up so that the “Not secure” is not shown, so don’t be completely dependent on that as a way to avoid being scammed.
Well what would you do so mister smarty pants?
If I had something on order, I would refer back to the original shipping email and click the tracking link from that.
If that wasn’t available, then I would copy the tracking number from the An post scam email, go to the An post website and paste it into the tracking facility. It should spit out a message saying that the package can’t be found.
Let’s be careful out there.
How can L2 Cyber Security help you?
We offer a full range of training programmes, which can be delivered online or in-person.
Contact us for more information at info@L2CyberSecurity.com.