Sky has warned its customers to be on the lookout for a dangerous scam sent via SMS. Anyone who receives the scam message, which claims to be from DHL and has a quick link to track an upcoming delivery, should block the number, send a report to Sky’s scam team, and then delete the text for good.
The alert was shared using the @ SkyHelpTeam account on Twitter, which is used to provide information to Sky Mobile, Sky Broadband and Sky Q customers who are experiencing issues. It reads, “We are aware of a new fake text / SMS messaging scam.” The tweet includes a link to a detailed blog post on scams targeting Sky Mobile customers and adds, “Follow Do not follow the links in suspicious text messages. Report suspicious texts by forwarding them to 7726. Block the number and delete the text. “
This scam message promises details of an online order for delivery with DHL. However, when phone owners click the link to get the delivery information, they are redirected to a spam website trying to download malware onto their device. If you are using an iPhone, the malware cannot infect your device so there is no risk of visiting the website. This is because Apple doesn’t allow users to install apps from the internet. Only the App Store can install new software. However, if you are using an Android smartphone or tablet and click the link, FluBot will start a download.
The ability to download apps using files known as APKs leads many people to choose Android over iPhone. This means that you are not limited to a single app store and can download software that customize the operating systems in ways that Google or Apple may not allow. However, downloading from outside the Google Play Store or App Store carries some risks.
FluBot is spyware that steals passwords and other sensitive data from your smartphone. Given the amount of personal information we store on our smartphones, from banking apps to credit card numbers, text messages to friends and teased family photos, you really don’t want malicious software scouring your files.
Worse still, if your Android device is infected, FluBot will search your contact details to send out more fake DHL, Hermes, or other delivery scams in an attempt to further spread the spyware.
If you’ve read this a little late and already clicked the link, it’s easy enough, especially if you’ve shopped online and lost track of which couriers will process your orders – the team at Sky Mobile has some advice for your next steps. On its blog, it warns: “If you’ve already followed a link and provided details and / or agreed to download something, your phone may be infected with malware.
“The wireless industry recommends that you factory reset your device to remove it. After doing this, avoid restoring any backups that you made after the phone was infected to ensure that malware is completely removed. Android users should avoid downloading third-party apps from unknown sources through the settings and make sure that the Google Play Protect feature is enabled. If you have given bank details or used banking apps on your phone, we recommend that you inform your bank. “
Samsung is blocking all Android updates from some Galaxy smartphones
This trend is known as smishing – a portmanteau of scam messaging.
The Money Advice Service warns that “Smishing can be difficult to spot, especially when it comes to someone who normally contacts you by text. But as with email scams, there are some tell-tale signs. For example, there may be spelling errors or the text only addresses you as sir or madam. Real news from these companies will usually address you by your full name.
“You can also look at the phone number it was sent from. First, it’s not the same as the one on your bank card. Second, it could be sent from a foreign number. Scammers don’t just pretend to be your bank. Sometimes they claim to be from an online account like PayPal or a service you subscribe to like Netflix. Fake SMS scams targeting customers of government organizations such as HMRC and DVLA have also been reported. “
The Money Advice Service, which is the largest debt counseling funder in the country, warns anyone suspicious of this news not to click any links in the text. When in doubt, go straight to the website and log in as you normally would. If you navigate to the DHL website for order tracking at your own request and enter the order number from the text, it will soon be displayed as a fake.