How to spot a delivery scam

Back in the day, if a company wanted to get in touch, they’d send you a letter, or maybe call you. Today, however, there are numerous ways to be contacted, which has also increased the number of routes scammers can use to target you.

What’s more, with the rise of online shopping in recent months due to lockdowns around the world, companies such as FedEx have warned customers that fraudulent shipping updates impersonating the company are being sent, and have urged them to be vigilant.

Before going into detail about delivery scams, it is important to recap what exactly SMS phishing scams are. SMS phishing, or smishing as it is sometimes referred to, is when a fraudster tries to steal your personal information by tricking you with a text message or email that directs you to go to a fake website (that appears legitimate) before asking you to enter personal information, like your bank account login and password.

Often these text messages will have a call to action, for example “we suspect an unauthorised transaction on your account”, or “your payment details for your recent order were declined, review them now”. This form of social engineering often leverages your trust or fear in order to obtain information. For example, the message will say that if you don’t click a link and enter your details then you’ll be charged.

The intention is often for the recipient to click on a link in the message. The link either takes you to a phony site that is an exact copy of a delivery company’s site but is maintained by criminals, or prompts you to download a program that allows your phone to be controlled by a hacker. Once you enter your username and password, they have it and can do anything you could do online at retail sites. Typically, they will route you through to the real site after stealing your password, so you do not even suspect anything is amiss.

The problem with SMS phishing is that the text messages can look very convincing (see the example below). SMS messages tend to elicit a greater response and more urgency than emails. Open rates for SMS are near 98%, whereas email can only offer open rates that hover around 20%. Simply put, text messages are more likely to be read than emails. People also seem to trust texts more than emails, because it’s more difficult for strangers to get hold of mobile numbers than email addresses.

There are some basic things to remember to avoid being smished:

  • Never respond to any emails or instant messages that ask you for personal information or financial details.
  • Don’t click on any links that you cannot guarantee are from the legitimate business. If you want to check whether the delivery is real, go to the company’s website yourself via your browser.
  • If an email asks you to call a number to verify financial information, do not. Instead, call the phone number on the back of your credit card, or your bank’s own phone number, so they can investigate further.
  • Where possible, use anti-virus and anti-spyware software to flag any suspicious messages or websites.
  • Don’t text back. Responding to the text message can sometimes allow malware to be installed that will silently collect personal information from your phone.

Once you have detected the SMS scam, it is also a good idea to block the phone number to prevent future messages.
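The link check from the list above can be partly automated. The following Python is an added example, not part of the original post: it pulls links out of a text message and compares the real host against a list of the courier’s own domains. The trusted-domain list, the function names and the sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: domains the real courier actually uses; maintain this list yourself.
TRUSTED_DOMAINS = {"fedex.com"}
BRANDS = {d.split(".")[0] for d in TRUSTED_DOMAINS}   # {"fedex"}

# Links with a scheme, plus bare "domain.tld/path" links, which SMS often uses.
LINK_RE = re.compile(r"https?://\S+|(?:[\w-]+\.)+[a-z]{2,}(?:/\S*)?", re.I)


def verdict(url):
    """Classify one link as 'trusted', 'lookalike' or 'unverified'."""
    has_scheme = url.lower().startswith(("http://", "https://"))
    try:
        parts = urlsplit(url if has_scheme else "http://" + url)
        host = (parts.hostname or "").rstrip(".")
    except ValueError:              # malformed host, e.g. unbalanced brackets
        return "unverified"
    # Only the real host counts: an exact match or a true subdomain.
    if any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS):
        return "trusted"
    deceptive = (
        "@" in parts.netloc                      # brand placed before an "@"
        or "xn--" in host or not host.isascii()  # punycode / non-ASCII letters
        or any(b in host for b in BRANDS)        # brand inside another domain
    )
    return "lookalike" if deceptive else "unverified"


def scan(message):
    """Return (link, verdict) for every link found in a text message."""
    links = (m.group().rstrip(".,;:!?)") for m in LINK_RE.finditer(message))
    return [(link, verdict(link)) for link in links]


# Constructed sample messages, not real scam texts.
SAMPLES = [
    "FedEx: delivery fee unpaid, settle at https://fedex.com.parcel-fee.example/pay",
    "Your parcel is waiting: fedex-redelivery.example/t?id=1",
    "Track here https://fedex.com@203.0.113.7/track",
    "Reschedule at https://short.example/a1b2.",
    "Track your shipment at https://www.fedex.com/track.",
]

if __name__ == "__main__":
    for text in SAMPLES:
        print(scan(text))
```

An “unverified” result is not a pass: as the advice above says, open the company’s website yourself rather than following the link.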

Have you received a smishing text? Did you follow our advice? Let us know in the comments below. And, if you found this post useful, why not read some of our others on scams?