Fake text messages impersonating well-known delivery companies have risen rapidly in recent weeks, with scammers expected to take full advantage of the upcoming Black Friday retail spree.
Cybersecurity firm Proofpoint has reported a significant recent surge in SMS scams – known as ‘smishing’ – that claim to be from legitimate delivery companies, particularly DHL and DPD.
In Q4 of 2020, Proofpoint found fraudulent courier messages accounted for 16% of all smishing scams, whereas in the same period for 2021 they accounted for 56%. Overall, UK smishing attacks increased by 105% in just one year, so this year’s Black Friday event could see even more threats.
How it works
Smishing messages usually involve informing the victim that their ‘package’ could not be delivered, and that delivery needs to be rescheduled, or that a package is being held and a fee needs to be paid to have it released.
The message includes a link that when clicked on, takes the victim to a phishing page – a fake version of the real delivery company’s website – where the cybercriminals can inflict damage such as installing malware, or asking victims to input card details that they then steal .
Such scams can be quite effective, as people typically order lots over the Black Friday and holiday season, and do not necessarily know which delivery company will be used. Delivery companies quite often send legitimate short-form text messages to their customers too, making it hard to distinguish between the real thing and a scam.
However, a telltale sign is to look at the web link: as the image shows, they often contain odd characters or words and are not as straightforward as their legitimate counterparts, such as ‘’. There would be no reason for a legitimate website to have such characters.
Unsurprisingly, many scams are already starting to take place in the run up to Black Friday. Bitdefender found that the current phishing scams circulating right now include those offering discounts on designer goods, fake gift cards for popular stores and fake surveys promising the latest Android phones upon completion.