Fake text messages impersonating well-known delivery companies have risen rapidly in recent weeks, with fraudsters expected to take full advantage of the upcoming Black Friday shopping holiday.
Cyber security firm Proofpoint has reported a significant increase recently in SMS scams – known as ‘smishing’ – pretending to be from legitimate delivery companies, notably DHL and DPD.
In the fourth quarter of 2020, Proofpoint found that fraudulent couriers made up 16% of all smishing scams, while in the same period for 2021 they made up 56%. Overall, UK smishing attacks increased by 105% in just one year, so this year’s Black Friday event could see even more threats.
How it works
Smishing messages usually involve informing the victim that their ‘package’ could not be delivered and that delivery needs to be rescheduled, or that a package is being held and a fee must be paid to have it released.
The message contains a link that, when clicked, takes the victim to a phishing page – a fake version of the real delivery company’s website – where the cybercriminals can inflict damage such as installing malware or asking victims to enter card details that they then steals .
Such scams can be quite effective as people typically order lots during Black Friday and the holiday season and don’t necessarily know which delivery company will be used. Delivery companies quite often send legitimate SMS messages in short form to their customers, making it difficult to distinguish between the real thing and a scam.
However, a telltale sign is to look at the web link: as the image shows, they often contain odd characters or words and are not as straightforward as their legitimate counterparts, such as’. There would be no reason for a legitimate site to have such grades.
Not surprisingly, many scams already begin to take place in the run up to Black Friday. Bitdefender found that current phishing scams circulating right now include those offering discounts on designer goods, fake gift cards for popular stores, and fake surveys promising the latest Android phones when they’re ready.