Info

You just received what appeared to be an IncaMail from a Ms Vera Engel. It was about a request you had supposedly made. You became curious and clicked on the link in the e-mail and then logged into the website that appeared.

You could easily have seen through this particular attack, as the sender address (vera.engel@post-internal.ch) was fake. The domain “post-internal.ch” is not a Swiss Post domain. Nor do you know this person, because there is no one by the name of Vera Engel working at Swiss Post.

The link in the e-mail also pointed clearly to an unencrypted website, which could be identified from the missing https:// at the start of the link.

If you still chose to click on the link, you were redirected to a website that looks a lot like the IncaMail login page. Here, again, you could see that the website was unencrypted (the padlock in the browser address bar was missing). It was also obvious in the address bar that the domain (incamail.post-internal.ch) was fake. The website had no other functions at all besides the login.
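The indicators described above (sender domain, missing https://, fake link host) can also be checked automatically. The following is an added example, not code from Swiss Post; the trusted-domain list and the link path are assumptions, and only the sender address and host name come from this page.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: domains the organisation really uses; not taken from the page.
TRUSTED_DOMAINS = {"post.ch", "incamail.com"}


def is_trusted_host(host: str) -> bool:
    """True only if host equals a trusted domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    # Matching on "." + domain rejects lookalikes such as "notpost.ch"
    # and "post.ch.evil.example".
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def check_message(from_header: str, links: list[str]) -> list[str]:
    """Return a list of findings for the sender address and each link."""
    findings = []
    _, addr = parseaddr(from_header)
    sender_domain = addr.rpartition("@")[2]
    if not is_trusted_host(sender_domain):
        findings.append(f"sender domain not trusted: {sender_domain}")
    for link in links:
        url = urlsplit(link)
        host = url.hostname or ""
        if url.scheme != "https":
            findings.append(f"link not encrypted (no https://): {link}")
        if not is_trusted_host(host):
            findings.append(f"link host not trusted: {host}")
    return findings


# Constructed sample using the addresses quoted on this page; the path is made up.
SAMPLE_FROM = "Vera Engel <vera.engel@post-internal.ch>"
SAMPLE_LINKS = ["http://incamail.post-internal.ch/login"]

if __name__ == "__main__":
    for finding in check_message(SAMPLE_FROM, SAMPLE_LINKS):
        print(finding)
```

A display name can be set to anything by the sender, so the check uses only the address part of the From header.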

Never enter your password on unfamiliar websites or unknown login screens!

Note: This attack was part of a Swiss Post awareness campaign. No data was transferred and no malware was installed.

Preventing the attack

Just clicking on a link in an e-mail can put you in danger. Be wary of all e-mails that arrive in your inbox:

  • How does the sender know your address and why are you receiving the e-mail?
  • Do you know the sender, does the content make sense and does the language sound like the sender?
  • Are you being pressured into doing something or is something being offered to you in a suspicious manner?

How hackers operate

Hackers use a good story to try to get their victims to click a link. The link takes you to a website somewhere on the Internet, where malicious software may be waiting to exploit existing vulnerabilities on your computer without you doing anything more, causing a great deal of damage.

You were also asked to enter your Swiss Post username and password on the site. In phishing operations of this kind, this access data falls directly into the hands of the attackers, and they could use it to try to access Swiss Post’s webmail and gain access to any unprotected information.