People across the UK have to be on the lookout for a dangerous new SMS scam. Several people have received messages informing them of a missed call. The caller left a message, it says in the text. The message then contains a link to supposedly play the recorded message. Unfortunately, the link has a nasty sting – and especially no voicemail.
Yes, instead of directing phone owners to their voicemail, the link directs users to a website that is used to steal sensitive personal information such as credit or debit card numbers, emails, or passwords. Hackers can then use this information to break into online accounts or attempt some other type of fraud – impersonating your bank.
Fraudsters can use some of the details you provided them, like a credit card number, to trick you into believing it was a legitimate call from your bank and tell them the final pieces of information missing – like the CVV number on the back of the card or the answer to a security question to access your online accounts.
The deluge of messages claiming “You have received a new voicemail” is part of an ongoing deluge of SMS scams plaguing the UK. The pandemic has forced millions of us to work from home and change our habits. It has made more people rely on web services like online banking apps, online supermarket stores, and more. That created a greater opportunity for scammers. And they seized this opportunity with both hands.
According to Which? around 60 percent of all Britons are now the target of this SMS fraud. The consumer group has warned that hackers are now operating on an “industrial scale”.
MORE LIKE THAT
Make sure everyone you know knows about this NHS COVID-19 text scam
The mobile networks EE, Three and Vodafone warned all customers of the flood of fraudulent texts.
Text messages that were supposed to look like a missed delivery notification with a link to reschedule the package have been sent to thousands across the UK. With a quick read through, these scams can be easy to fall for. We have all ordered something online and then forgot it again.
And when there are inventory delays or slow shipping, it’s easy to forget when an order is due. Not only that, but when you need to go out to pick up kids from school or go shopping, you want to know exactly when the doorbell is ringing. These text messages use our forgetfulness to trick us into following the link.
Other versions of these scams don’t mention tracking with the link, instead pushing users to click the URL to pay for the unpaid postage for the package.
Between June 2020 and January 2021 alone, Action Fraud – the UK’s national fraud and cybercrime reporting office – received 2,867 crime reports mentioning the delivery company DPD. Similar scams involving Royal Mail, Hermes, and other courier brands circulated over the same period.
This worrying trend is known as smishing – a collective term for fraudulent messages.
The Money Advice Service warns that “Smishing can be difficult to spot, especially when it comes to someone who normally contacts you via text message. But as with email scams, there are some tell-tale signs. For example, there may be spelling errors or the text only speaks to you as sir or madam. Real news from these companies will usually address you by your full name.
“You can also see the phone number it was sent from. First, it’s not the same as it is on your bank card. Second, it could be sent from a foreign number. Scammers don’t just pose as your bank. Sometimes they claim to be from an online account like PayPal or a service you subscribe to like Netflix. There have also been reports of fake text message scams targeting customers of government organizations such as HMRC and DVLA. “
The Money Advice Service, the nation’s largest single financier of debt advice, warns anyone who is suspicious of these reports to avoid clicking links in the text. If in doubt, go directly to the website and log in as usual – if you navigate separately to the Hermes website and enter the order number from the text, it will quickly rumble as a fake. And since you did not follow the link from the SMS, you can be sure that you are on the real website and that your bank details, for example, are secure.
If it’s already too late and you’ve fallen for one of those sprawling text messages, you need to act quickly. First, report the fraud to Action Fraud on 0300 123 2040. If you have entered your payment details on a website or online form that you believe hackers set up, you should contact your bank to request report the bug. This ensures that they are on high alert for any possible scam.
It also means they can provide you with a new card if they think the data is already compromised.