This post originally appeared on Daily Express :: Tech Feed
Online shopping has exploded in popularity following the months of lockdown measures across the UK and chances are, you’re becoming pretty familiar with your Postie or local Amazon delivery driver. But while it can be sometimes difficult to keep tabs on when you’re expecting your next delivery – cyber crooks are banking on that to trick you into opening fake messages. Days after mobile networks Vodafone, Three and EE warned customers about a fraudulent text message that claimed to be from DHL, similar scams referencing DHL, Hermes, the Post Office and other firms are back trying to replicate the success of the fake delivery scam.
It’s easy to see why. With a quick skim-read, it can be easy to fall for these scams. We’ve all ordered something online and then promptly forgotten about it. And if there are delays with stock or slow shipping, it can be easy to forget when an order is due. Not only that, but if you need to leave the house to collect kids from school or grab some shopping, you’ll want to know exactly when that doorbell is going to ring.
These text messages prey on our forgetfulness to trick us into following the link.
The latest scam text message tells phone owners click on the link to check when they can expect their order to be delivered.
“Wondering where your order 4017628719 is? Your expected delivery date is 29/04” it then includes a link to a website which it claims is used to track the progress of the parcel. Unfortunately, that’s not what the link does. Instead, it sends you to a scam website designed to trick you into handing over your personal information directly to the cyber crooks.
Another scam message, received by a number of people nationwide earlier this week, claimed to be from delivery firm Hermes. Again, the fraudulent text message is designed to trick people into believing they’ve missed a delivery. It reads “Hermes: We attempted to deliver your parcel today and was unsuccessful, to reschedule delivery please follow the link.” Clicking on the link takes the phone owner to a fake website where they’re told they need to enter their bank details to pay the £1.45 redelivery charge.
This concerning trend is known as smishing – a portmanteau of scam messaging.
The Money Advice Service warns that “smishing can be difficult to spot, particularly if it’s someone who would normally contact you by text. But, like email scams, there are some tell-tale signs. For example, there might be spelling mistakes or the text just addresses you as Sir or Madam. Real messages from these companies will usually address you by your full name.
“You can also look at the phone number it’s been sent from. First, it won’t be the same as the one on your bank card. Second, it might be sent from an overseas number. Fraudsters won’t just pretend to be your bank. Sometimes they’ll claim to be from an online account such as PayPal, or a service you subscribe to, such as Netflix. Fake text message scams have also been reported targeting customers of government organisations such as HMRC and the DVLA.”
The Money Advice Service, which is the largest single funder of debt advice nationwide, warns anyone who is suspicious of these messages to avoid clicking on any links found in the text. If in doubt, go directly to the website and login as normal – navigating to the Hermes website separately and inputting the order number from the text will soon rumble it as a fake. And since you didn’t follow the link from the text message, you can be sure you’re on the genuine website and your bank details are safe, for example.
If it’s already too late and you’ve fallen for one of these growing number of text messages, you need to act fast. First up, report the scam to Action Fraud by calling 0300 123 2040. If you’ve entered your payment details into a website or online form that you believe was set-up by hackers, you should contact your bank to flag the mistake. This ensures they will be on high alert for any potential fraud.
It also means they can provide you with a new card if they believe the details are already compromised.