SMS Delivery Scams

SMS Delivery Scams

Bogus missed delivery texts and emails can be used to harvest personal data and lead to fraudulent bank transactions

COVID lockdowns mean a lot less travelling to shops out and a lot more mail deliveries. Delivery notification scams work on the principle of carpet bombing potential targets in the hope that at least some find a mark. In the UK and Europe the increase in mail deliveries has been further complicated by Brexit. Parcels that would previously have been delivered without tariffs might now be subject to fees and most recipients are unaware of what might be legally due.

The ‘mark’ of the scam will receive a message asking for confirmation of delivery details and possible a demand for a small fee. Royal Mail showcase a summary of real scams. Obvious redirect links such as bitly are almost certainly fake. Others such as are believable enough to fool the unwary recipient. The messages can be as email or text. Suspect scams should always be reported. Emails through the mailbox provider and (in the UK) texts by forwarding to Ofcom on to 7726.

The difficulty in tracking the real progress of parcels makes the scam more attractive. Tracking data may not be up to date. Some carriers are notoriously difficult to chase up for delivery details. On-line orders often require telephone and email details so a scam message could coincide with an expected delivery. It is very unlikely that a genuine carrier will send unsolicited demands for fees. In most cases some sort of ‘failed delivery’ note will arrive by post. Suspect emails or texts should not be replied to or links clicked. This will alert the sender that the target is genuine and make the email or phone number more valuable to scammers. Some delivery scams ask for personal details. These only further increase the value of the information available to the criminals. These will be sold on; garnering further spam traffic and causing more problems for the addressee.

The initial fees demanded by the spam delivery requests are small. Criminals have, however, found ways to make substantial profits from individual ‘marks’. A small but believable handling fee may be collected as a credit card payment; the financial details will subsequently be used to make fraudulent purchases or withdrawals.

A more sophisticated ploy is to contact the target soon after a fee is paid posing as their bank investigating suspicious activity.  The ‘mark’ will then be convinced to transfer funds to protect their account from further fraud. It is not unusual for a bank to telephone a customer and to suspend payments if fraud is suspected. It is a necessary but insecure system. There is no easy way to tell if such a call does come from the genuine bank. Any phone numbers or web pages related to that call could also be counterfeit. The system relies on the customer trusting the bank. The only realistic solution is to hang up, find a genuine phone number for the bank and try to verify the original call. Time will be spent tracking down a reliable contact and then possibly on hold during which criminals may have full access to the victim’s funds.

Kindus advise that delivery fees should never be paid unless they have been confirmed by a genuine representative of the delivery company. Ideally this should be handed over only in exchange for the package concerned. Apple for example are very strict on who can take delivery of their products when sent by a delivery carrier. Alternatives can mean travelling some distance to a depot. It is ultimately the responsibility of the seller to provide goods and the carrier to deliver them. If the arrangements imposed by the supposed carrier are not reasonable then the seller should be contacted for details of the delivery.

More from Security


eCommerce Shop Scams

Data from Security Research Labs has revealed a China based fake shopping network that they have named ‘BogusBazaar.’  They claim that: ‘As of April …

Read post


Lockbit Ransomware Takedown

In February 2024 the UK National Crime Agency released details of how the NCA and other international policing agencies had disrupted the actions of …

Read post


UK Cyber security breaches survey 2024

Lies, damned lies, and statistics (attributed to Disraeli) The UK Cyber Security Breaches Survey 2024 was published on 9th April 2024.  Not surprisingly it …

Read post


Digital Gift Card Issues

Both Apple and Google offer gift card services for use on their App stores.  Just as it states on the tin the card can …

Read post

Sign Up

Sign up to our newsletter list here.

    Successful sign up

    Thank you for signing up to our newsletter list.

    Check your inbox for all the latest information from Kindus