Cybersecurity 11 h ago0Add to bookmarks

Coming into force on July 1, 2026, the new European tax on low-value parcels creates exactly the confusion that "parcel held" phishing campaigns thrive on. Numerama documents an already established wave.
Since July 1, 2026, the European Union has applied a new tax on low-value parcels imported from outside the EU - a measure taken to rebalance competition with Asian e-commerce platforms (Shein, Temu, AliExpress). In concrete terms, an increasing share of orders that previously arrived "duty paid" are now subject to regularization upon delivery.
Numerama documents the operational result on the side of cybercriminals: a surge in SMS and phishing emails exploiting this confusion, following the model "Your parcel is being held pending payment of customs duties. Click here to pay 2.99 €". The link leads to a fake form that collects bank card details, coordinates, and sometimes banking credentials for a more advanced scam.
This is a textbook case of "policy-induced fraud surface" - when a regulatory decision, correct on paper, opens a new category of scam perfectly socially legitimized. The scenario ticks all the boxes:
We had already seen the same mechanism in 2021 with the massive deployment of home deliveries during the Covid, then with the switch to contactless payments. With each evolution of use, a wave of themed phishing.
French (Cybermalveillance.gouv.fr) and European authorities have issued alerts. They will not be enough to stem the wave - the experience of 2021-2022 showed that these "parcel" campaigns remain among the most profitable in the criminal portfolio.
For users, single rule:
For companies: update the database of examples used in anti-phishing training with these "EU tax" variants. Awareness in the week following such news has a significantly better retention rate than the generic annual training.
Article produced by artificial intelligence, reviewed under human editorial control.