Latest Threat: bpost "Unpaid Customs Fees" Phishing Scam

A pervasive phishing campaign is currently impersonating bpost, the Belgian postal service, targeting users with fake delivery failure notifications. The email claims that a package could not be delivered on February 9, 2026, because customs duties of 4.95 EUR remain unpaid.

This scam specifically targets residents who may be expecting international shipments, using a relatively small "fee" to lower the victim's suspicion and provoke an immediate payment.

How to spot this phishing attack:

1. The Link is Not bpost: The "Payez les droits de douane maintenant" (Pay customs duties now) button redirects to a mobile deep-link URL: 53gbm.app.link/6SIH7O0kB0b. Official bpost payments for customs are only handled through the verified bpost.be domain or the official bpost app.

2. Generic and Placeholder Content: The email uses a generic "Bonjour" greeting rather than a specific name. Additionally, the tracking number provided (3601918284740465) is a static placeholder used in mass-mailing templates.

If you receive this email, do not click the link and do not provide your credit card details. Delete the message immediately. If you are genuinely expecting a package, use the official bpost website and type the tracking number in manually.