scam! The copycat post office sends unpaid duty mail "Your package cannot be sent because the duty has not been paid", and the credit card will be stolen by filling in the information

The post office phishing emails that have appeared before are here again! This time it is the Chinese version of the letter, and there are people who just received such a letter after ordering overseas products under the shrimp skin. I really don’t know if it is true or false. If you also receive a similar email, please contact fraud prevention. Let's take a look at it together, did you receive this "fishing letter" too?

1. Fishing process of Shanzhai Post Office

Chunghwa Post Unpaid Duties Mail

Contents of the letter:

Hello,
Your package cannot be dispatched on March 24, 2022 because customs duties (52.76 TWD) have not been paid
Delivery Scheduled on: 25.03.2022 – 26.03.2022
Amount: NT$52.76 Payee: Chunghwa Post To confirm that your package has been delivered, please click here. If you do not receive the package within 30 days, Chunghwa Post reserves the right to request a deduction (NT$52.76) for each day you order!
For more services, click here to find your shipping tracking This email is sent automatically. Therefore, it is impossible to respond to them.

Thanks for your trust,
Your Chunghwa Post Customer Service

China Trust Deduction Page

According to the description of the original Po of Dcard, no matter you click on any link contained in the letter of Chunghwa Post, you will be taken to the "China Trust's deduction page". If you enter your credit card number, check code, and credit card expiration Years and months, you will start your journey of stealing and brushing. The fraudulent group will always have your credit card information. You may not only be deducted 52.76 yuan, but will be debited from time to time afterwards.

2. How to Identify Chunghwa Post Phishing Letters

1. The subject of the email is reasonable

According to the publicity on the official website of Chunghwa Post, Chunghwa Post will never notify the public by e-mail to handle related postal services or money storage business by online transfer.

2. Sender's email address

Organizations usually have their own domain email addresses, that is, the English between @ and .com. For example, Trend Micro's email addresses are almost always @trendmicro.com, which is a domain that outsiders absolutely cannot register. mail.

The most vulnerable place in phishing is support@gyanvitaranamlawcollege.com, which is obviously not related to the China Post domain ( post.gov.tw ) in the fraud case officially provided by Chunghwa Post.

3. Confirm the destination URL

In phishing emails, scammers often hide the phishing URL in a hyperlink, because the URL of the phishing site is usually clearly not the official domain. For example, the links in this China Post unpaid postal mail are taken to the fake CITIC website below. The URL looks like a series of Domains whose meaning is difficult to identify, not the commonly known www.ctbcbank.com

Although you can check whether the URL is suspicious after clicking on the link, some malicious links may lead you to download some bad programs, causing your computer to be attacked by information security.

The best way is to look at the domain before you click the link. One way is to move the mouse over the hyperlink to see the actual destination URL. If the URL still does not appear, then you can click on the URL. Right-click", select " Copy Destination URL " to other text editors, such as word, notepad, etc., and you can see the actual URL!

PS Obviously, the payment is to be paid to Chunghwa Post, but payment is not made through Chunghwa Post's own system, but to the China Trust page, which is also an unusual signal.

4. Words

In many phishing emails or one-page shopping sites, "simplified characters", "non-Taiwanese language", or official letters but the words are not formal enough, this is most likely because it is done by foreigners. The phishing emails are later translated into traditional Chinese through translation software, so there will be problems that look strange, such as this one, the following doubts appear

• Use "click" instead of "click"
• Click here to find your Shipping Tracking
• 'It's impossible to respond to them'
• Sometimes "you" is used in letters, sometimes "you"

If you receive a letter in English, you can also check the English spelling or capitalization for errors!

3. Use fraud prevention experts to identify phishing websites in one second

Trend Micro fraud prevention experts can help you directly identify whether the website is safe, whether it is a phishing website, a one-page shopping website, etc. Dangerous links are exposed in just one second! You only need to pass the link to Trend Micro fraud prevention experts, who will identify websites with security concerns for you in seconds!

Comprehensive Fraud Prevention Toolkit:

• Learn More Fraud Prevention Tips: Fraud Expert Blog
• Get to know Fraud Master: Fraud Master Official Website
• Identify fraudulent websites in one second: anti-fraud expert chatbot
• Discuss fraud with everyone: fraud prevention experts - National Anti-Fraud Notification Center