Online shopping has grown in popularity across the UK after months of lockdowns and there is a chance that you could familiarize yourself with your Postie or local Amazon delivery driver. While it can sometimes be difficult to keep track of when you’re expecting your next delivery, cyber crooks rely on it to trick you into opening fake messages. Days after cellular networks Vodafone, Three and EE warned customers about a fraudulent text message allegedly from DHL, similar scams referring to DHL, Hermes, the Post and other companies are trying to replicate the success of the bogus delivery scam.
It’s easy to see why. With a quick scan, these scams can be easy to fall for. We all ordered something online and then immediately forgot about it. And when there is inventory delay or slow shipping, it can be easy to forget when an order is due. Not only that, but when you need to go out to pick up kids from school or go shopping, you want to know exactly when the doorbell is going to ring.
These text messages are victims of our forgetfulness to trick us into following the link.
The latest scam text message tells phone owners that they can click the link to check when they can expect their order to be delivered.
“Wondering where your order 4017628719 is? Your expected delivery date is 29/04 ”. It then contains a link to a website that claims to be tracking the progress of the package. Unfortunately, that’s not what the link does. Instead, you will be redirected to a scam website designed to trick you into giving your personal information directly to the cyber crooks.
MORE LIKE THAT
One million Android users have been hacked by the “most sophisticated” attacks of all time
Another scam message received from a number of people across the country earlier this week allegedly came from the delivery company Hermes. Again, the fraudulent text message is meant to trick people into believing that they missed a delivery. It reads: “Hermes: We tried to deliver your package today, but were unsuccessful. To postpone delivery, please follow the link.” Clicking the link takes the phone owner to a fake website telling them to enter their bank details in order to pay the £ 1.45 return postage fee.
This trend in question is known as smishing – a portmanteau of scam news.
The Money Advice Service warns that “Smishing can be difficult to spot, especially when it comes to someone who normally contacts you by text. But as with email scams, there are some tell-tale signs. For example, there may be spelling errors or the text only addresses you as sir or madam. Real news from these companies will usually address you by your full name.
“You can also look at the phone number it was sent from. First, it’s not the same as the one on your bank card. Second, it could be sent from a foreign number. Scammers don’t just pretend to be your bank. Sometimes they claim to be from an online account like PayPal or a service you subscribe to like Netflix. Fake SMS scams targeting customers of government organizations such as HMRC and DVLA have also been reported. “
The Money Advice Service, which is the largest debt counseling funder in the country, warns anyone suspicious of this news not to click any links in the text. When in doubt, go straight to the website and log in as you normally would. If you navigate to the Hermes website separately and enter the order number from the text, it will soon show up as a fake. And since you did not follow the link from the text message, you can be sure that you are on the real website and that your banking details, for example, are safe.
If it’s already too late and you’ve fallen for one of those growing numbers of text messages, then you need to act quickly. First, report the scam to Action Fraud on 0300 123 2040. If you have entered your billing information on a website or online form that you believe was set up by hackers, you should contact your bank to get it report the bug. This ensures that they are on high alert in the event of potential fraud.
It also means they can provide you with a new card if they think the details are already compromised.