Gone Smishing: Scammers in the UK Catch Victims by Posing as Courier Firms

Smishing

There is a new text scam sweeping across the UK at the moment where mobile users are falling victim to a smishing scam in which scammers send out messages pretending to be from Royal Mail or other courier firms, stating that a fee must be paid before a parcel may be delivered. A link to a webpage that requests payment information and other personal information is included in the SMS and emails. 

The fraudsters use these to set up accounts or funds in the victim’s name, or to start a more complicated swindle in which they masquerade as a bank employee and persuade the victim to transfer money to an account they administer. You may have also seen the latest news recently around the WhatsApp hijacking of users accounts by posing as a friend and asking for SMS security codes. In a statement, WhatsApp said: “The safety and security of our users and their messages are really important to us. However, just like regular SMS or phone calls, it’s possible for other WhatsApp users who have your phone number to contact you.” 

This inability to lockdown your contacts leaves you open as an end user to a smishing attack and other types of cyber attacks which have been seen over the past few years. 

What is Smishing?

Smishing is a powerful weapon in any scammer’s armory. Even if you don’t know what it’s called, you’ve probably come across it. It doesn’t come in the form of an email or a direct message on social media; instead, it takes a straight route to what may be your most personal device: your phone. So what is Smishing, exactly?

Smishing is a combination of the words “SMS” (short message services, or texting) and “phishing.” Most of the 3.5 billion smartphones in the world can receive text messages from any number in the world. When cybercriminals “phish,” they send phoney emails that attempt to dupe the receiver into opening a malware-infected attachment or clicking on a harmful link. Instead of email, smishing uses text messages. 

What the hackers use as bait

The most prevalent use of smartphones is texting. Mobile users aged 18 to 24 send more than 2,022 texts every month—on average, 67 per day—and receive 1,831 texts, according to Experian.

People are less cautious while they are on their phones. Many people believe that their smartphones are safer than their laptops. However, smartphone security has its limitations and cannot prevent against smishing directly. Cybercrime directed at mobile devices is on the rise, as is mobile device usage, according to WillisWire. Smishers use a variety of ways to trick users into sending private information. They may use basic information about the target (such as name and address) from public online tools to fool the target into thinking the message is coming from a trusted source.

Android smartphones remain the most popular target for malware because there are so many of them, and the platform provides more freedom for customers (and cybercriminals!). However, it’s important to note that smishing, like SMS, is cross-platform. Despite the fact that Apple’s iOS mobile technology has a higher security reputation, no mobile operating system can defend you from phishing-style assaults on its own. Another dangerous factor is that you use your smartphone while on the go, frequently when distracted or in a hurry. When you receive a message asking for bank information or to redeem a promotion, you’re more likely to let your guard down and answer without thinking.

In a nutshell, they’re out to steal your personal data, which they can subsequently use to steal money—usually yours, but sometimes also your company’s. To steal this information, cybercriminals adopt two methods. They could persuade you to download software that will infect your phone. This software could impersonate a legitimate programme, deceiving you into entering personal information and transferring it to cybercriminals. Or, the link in the smishing message could redirect you to a false website where you’ll be requested to enter sensitive personal information that cybercriminals can use to steal your online identity.

How to prevent coming under attack within your organisation

The good news is that the attacks’ possible consequences are straightforward to protect yourself against. Smishing messages are dangerous only if the targeted user acts on it by clicking the link or sending the attacker private data. There are a few things to remember in order to prevent these attacks.

  • You can download a closed Secure Communications app such as Salt Communications to protect yourself and your company’s data from coming under threat from attackers from outside of your organisation.
  • Urgent security alerts, you-must-act-now voucher redemptions, discounts, or bargains should be regarded as warning signals of a hacking effort.
  • You will not receive a text message from a financial institution or merchant requesting you to update your account information or validate your ATM card code. It’s a scam if you receive a message that appears to be from your bank or a merchant with whom you do business and encourages you to click on something in the message. If you have any doubts, contact your bank or merchant immediately.
  • Never click a reply link or contact a phone number in an unfamiliar message.
  • Simply don’t respond if you don’t want to take the bait. 

Sign up for a free trial of Salt Communications or to talk to a member of the team by contacting us on info@saltcommunications.com or visit our website at saltcommunications.com.

About Salt Communications

Salt Communications is a multi-award winning cyber security company providing a fully enterprise-managed software solution giving absolute privacy in mobile communications. It is easy to deploy and uses multi-layered encryption techniques to meet the highest of security standards. Salt Communications offers ‘Peace of Mind’ for Organisations who value their privacy, by giving them complete control and secure communications, to protect their trusted relationships and stay safe. Salt Communications is headquartered in Belfast, N. Ireland, for more information visit Salt Communications.

Share This Post

Explore More

Events

Salt Communications to attend Lexpo 2023

Salt Communications – a Northern Ireland based cybersecurity company who provide secure mobile communications solutions to some of the largest Law Firms worldwide are attending