The police are warning of a new scam via text message: "Your parcel requires payment of customs duties ..." This text message landed on the cell phone of a 68-year-old man from Menden. He had just ordered goods from a large online department store. He therefore thought the short message was genuine.
The man from Menden followed the link and ended up on a replica website. Both the domain and the appearance gave the impression that it was from Deutsche Post. He entered his personal details there, including his credit card number. On Saturday, he became suspicious that it could be a fraudulent text message. He blocked his credit card and filed an online complaint with the police. It is not yet known whether any financial loss was incurred.
In the current case, the perpetrators seem to have set out to collect data. They demand a small "customs fee" of 2.99 or 3.99 euros. The link in the text message leads to a deceptively real replica page, with the old "post horn" but in a yellow design with all kinds of information. Some links lead to the real DHL pages, others only produce an error message. However, entering the "shipment number" works. In the next step, the victims are asked to enter their names, email addresses, telephone numbers, address and later their payment details.
Aim: to steal data
Accounts or credit cards are not always actually debited. However, cyber criminals can use the data to steal identities or launch further phishing campaigns.
Smishing has many variants
Fraudulent text messages or messenger messages are not a new phenomenon. Derived from the abbreviation SMS and the word phishing (for the theft of access data), the term "smishing" has become commonplace. Since the coronavirus pandemic in particular, fraudsters have increasingly been working from home. They send messages to randomly selected cell phone numbers and are constantly developing new variants. In 2021, countless victims followed a link in a parcel text message to a website that appeared to be infected with a virus. The fraudulent text messages were then sent from the victims' cell phones to their contacts - a kind of dynamic chain letter. Because many people were doing more online shopping during the pandemic and were actually expecting parcels, they were quickly tempted to click. Victims often only noticed when they received their cell phone bill. In another smishing variant, delivery charges are demanded or there were allegedly problems with the delivery of a parcel. The perpetrators use the names of practically all parcel services.
What to do
- The police warn against following such links. The message should be deleted.
- Under no circumstances should any apps or programs be downloaded in this way.
- If you want to prevent this, you should set up a third-party block with your mobile network operator. This prevents additional charges from other services being collected via the cell phone bill.
- Are you actually expecting a parcel? Compare the consignment number possibly given in the text message with the one from your online shipper.
And if it has already happened?
- Inform your bank or credit card provider and have your card blocked
- Have you installed an app via one of these channels? Switch your cell phone to flight mode so that it can no longer receive commands from outside or send unauthorized text messages. Then reset your cell phone to factory settings. Private data may be lost in the process.
- Change ALL passwords. Activate two-factor authentication for all accounts that support it.
Further information
Further information can be found at www.polizei-beratung.de.
There is a checklist from the Federal Office for Information Security at https://www.polizei-beratung.de/fileadmin/Dokumente/Phishing-Schutz-Checkliste-Ernstfall-BSI-ProPK.pdf.