The National CERT of the Republic of Serbia wishes to inform the public that a new phishing campaign against users of postal services is under way, during which the users can receive an email notification about the arrival of the user‘s parcel, which supposedly could not be delivered due to an unpaid customs fee in the amount of 36.14 dinars. The message is sent from a fake address: Post of Serbia ''Postas@’’@posta.rs, with an email subject: Your parcel could not be delivered on April 7, 2021 due to unpaid customs fee in the amount of 36.14 RSD. The email further asks the user to click on the link stating ''In order to confirm delivery of your parcel, please click here'', after which the user is to receive a delivery confirmation email or SMS for the item. By clicking on the offered link, the user is then transferred to a fake page posing as the Post of Serbia online payment page, where the following personal data are required to be entered: credit card number, name and surname, credit card expiry date and CVV2/CVC2 numbers. All the information supplied by the user on the fake form/page can end up being abused.

The National CERT advises all users who have possibly received similar emails neither to open them, nor to disclose their personal details, but to delete such emails permanently.