SMS Delivery Scams

Bogus missed delivery texts and emails can be used to harvest personal data and lead to fraudulent bank transactions

COVID lockdowns mean a lot less travelling out to shops and a lot more mail deliveries. Delivery notification scams work on the principle of carpet bombing potential targets in the hope that at least some find a mark. In the UK and Europe the increase in mail deliveries has been further complicated by Brexit. Parcels that would previously have been delivered without tariffs might now be subject to fees, and most recipients are unaware of what might be legally due.

The ‘mark’ of the scam will receive a message asking for confirmation of delivery details and possibly a demand for a small fee. Royal Mail showcase a summary of real scams. Obvious redirect links such as bitly are almost certainly fake. Others such as royalmail-redelivery.support are believable enough to fool the unwary recipient. The messages can arrive as email or text. Suspected scams should always be reported: emails through the mailbox provider and, in the UK, texts by forwarding them to Ofcom on 7726.
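The two link patterns described above (a shortener link, and a believable domain that contains the carrier's name but is not the carrier's own) can be checked mechanically. The following is an added example, not code from Kindus or Royal Mail; the shortener list, the brand-to-domain map (royalmail.com is assumed to be the genuine domain), the function names and the sample messages are all assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed, illustrative lists; a real filter would maintain fuller ones.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
BRANDS = {"royalmail": "royalmail.com"}  # brand keyword -> assumed genuine domain

# Matches links with or without a scheme, e.g. "bit.ly/abc" or "https://host/path".
URL_RE = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/\S*)?", re.I)

def host_of(url):
    """Return the lower-cased hostname of a link found in a message."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower().rstrip(".")

def classify_host(host):
    """Label a hostname as shortener, genuine-domain, lookalike or unknown."""
    if host in SHORTENERS:
        return "shortener"
    for brand, genuine in BRANDS.items():
        if host == genuine or host.endswith("." + genuine):
            return "genuine-domain"
        # Brand name appears somewhere in the host, but the host is not
        # the brand's domain or one of its subdomains.
        if brand in host.replace("-", ""):
            return "lookalike"
    return "unknown"

def triage(message):
    """Return (host, label) for every link in an SMS or email body."""
    return [(h, classify_host(h)) for h in map(host_of, URL_RE.findall(message))]

# Constructed sample messages, not real scam texts.
SAMPLES = [
    "Royal Mail: your parcel is awaiting delivery. Pay the 1.99 fee at "
    "https://royalmail-redelivery.support/track",
    "Missed delivery, rebook here bit.ly/3xYzAbC",
    "Track your item at www.royalmail.com/track-your-item",
    "Confirm your address: http://royalmail.com.parcel-fee.example/pay",
]

if __name__ == "__main__":
    for text in SAMPLES:
        print(triage(text))
```

A "genuine-domain" label only says the link points at the assumed carrier domain; it does not confirm that the fee or the message itself is legitimate.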

The difficulty in tracking the real progress of parcels makes the scam more attractive. Tracking data may not be up to date. Some carriers are notoriously difficult to chase up for delivery details. Online orders often require telephone and email details, so a scam message could coincide with an expected delivery. It is very unlikely that a genuine carrier will send unsolicited demands for fees. In most cases some sort of ‘failed delivery’ note will arrive by post. Suspect emails or texts should not be replied to, nor their links clicked. Doing so will alert the sender that the target is genuine and make the email address or phone number more valuable to scammers. Some delivery scams ask for personal details. These only further increase the value of the information available to the criminals. The details will be sold on, garnering further spam traffic and causing more problems for the addressee.

The initial fees demanded by the spam delivery requests are small. Criminals have, however, found ways to make substantial profits from individual ‘marks’. A small but believable handling fee may be collected as a credit card payment; the financial details will subsequently be used to make fraudulent purchases or withdrawals.

A more sophisticated ploy is to contact the target soon after a fee is paid, posing as their bank investigating suspicious activity. The ‘mark’ will then be convinced to transfer funds to protect their account from further fraud. It is not unusual for a bank to telephone a customer and to suspend payments if fraud is suspected. It is a necessary but insecure system. There is no easy way to tell if such a call does come from the genuine bank. Any phone numbers or web pages related to that call could also be counterfeit. The system relies on the customer trusting the bank. The only realistic solution is to hang up, find a genuine phone number for the bank and try to verify the original call. Time will be spent tracking down a reliable contact and then possibly waiting on hold, during which criminals may have full access to the victim’s funds.

Kindus advise that delivery fees should never be paid unless they have been confirmed by a genuine representative of the delivery company. Ideally this should be handed over only in exchange for the package concerned. Apple for example are very strict on who can take delivery of their products when sent by a delivery carrier. Alternatives can mean travelling some distance to a depot. It is ultimately the responsibility of the seller to provide goods and the carrier to deliver them. If the arrangements imposed by the supposed carrier are not reasonable then the seller should be contacted for details of the delivery.
