Be careful if you receive an SMS warning of a postal shipment: it is not from the Post Office, it is a Trojan

The National Police has warned this Wednesday of a new malicious hoax that involves Post and that consists of a SMS that notifies of a shipment which is on the way accompanied by a link. Mass shipments have been detected since last January 9.

The Police warn that clicking on this link installs a Trojan virus on the device. The URL to which the message is redirected is a download page of an application with the Correos logo, but beware, it is not Official SMS of the Post Office, is about phishing, the technique that keeps the victim’s data, and the application that asks for it to be downloaded contains a malicious apk file.

Police note informing of the hoax.

The Police warn that once the scammer enters the website of the URL «the victim is told that he must download a supposed delivery management application (the link in red), and when he clicks what he does is that it downloads a Trojan virus-like malware that accesses the information contained in the telephone terminal and, in addition, the telephone book of the affected person and forwards the same SMS message to all their contacts.

Trojan emails
SMS informing of a shipment. It’s false-

For this reason, the National Police warns that you do not click on the address and the SMS is directly deleted to avoid downloading the Trojan virus it contains.

The Internet User Security Office It also warns of fraud that seeks to supplant Correos: «An SMS campaign has been identified supplanting the Correos service. The objective is for the user to download a supposed shipment tracking application but that is actually malicious and download Trojans to steal bank details.

This office ensures that if someone has already been a victim of the attack “you must delete the application and scan it with an updated antivirus.”

He adds that “if, on the contrary, you have received this SMS but you have not downloaded the malicious application, you should simply delete the message from your inbox so as not to install it by mistake and go to your file manager where you will find the .apk file that it downloads the application and remove it.

As general guidelines, cyber experts give guidelines to avoid phishing.

Cyber ​​experts give a series of guidelines to identify suspicious emails: they adopt the name and image of real companies, they include websites that visually are exactly the same as those of real companies, they use the “hook” as a loss of account or gifts, and make use of the “rush factor” so that users do not even have time to think about what they are doing.


Phishing attacks are repeated daily around the world, so emails can reach you in any language. They are usually poorly written and / or translated.


In no case should you click on the links that appear attached in these types of emails because they lead to fraudulent websites. Secure sites begin with “https: //”, and a closed padlock icon should appear in the browser.

You should know that although the vast majority of attacks of this type are against banks to gain bank information of users, hackers can use the name and image of any company: Facebook, PayPal, Correos …