Cybercriminals have been trying for years to wipe our account or at least steal sensitive data using a scam method called phishing. However, the last weeks and months have been a real scourge of fraud. When using the telephone and the Internet, it is difficult not to come across more fake SMSs, e-mails or crafted websites that pretend to be shop windows or bank transaction websites.
Recently, “fashionable” among fraudsters was even calling unsuspecting customers and claiming to be employees of banks. In this way, the fraudsters persuaded them to send them transfers for, for example, exceptionally “profitable investments”.
Another wave of fake SMS
Now fake SMS has become a new “fashion”. For several days, Poles have been flooded with thousands of such messages. In one, criminals pretend to be courier companies and offer live tracking of the (non-existent) parcel or inform about the necessity to pay extra for the alleged parcel. In others they claim to be, for example, voicemail.
The Polish Financial Supervision Authority also warns against scammers who send fake messages with links to, for example, malware.
In the last dozen or so days, we have received many such SMS messages to private telephone numbers. In most cases, criminals encouraged people to click suspicious-looking links to track packages that we did not order at all. One text message encouraged listening to the alleged voicemail, but admittedly, the scammers did not make much effort to make the message appear credible.
Fake SMS from scammers photo: own source
Loud in recent days was also incl. about scams “on InPost”. Criminals send messages to random phone numbers informing about the need to pay a small surcharge for the parcel. Of course, there is also a link to a fake website pretending to be InPost and a payment gateway properly crafted by fraudsters.
The purpose of these and many other phishing attacks is, of course, to obtain payment card details, login details for transaction websites or forcing criminals to make a transfer. Regardless of the method, scammers aim to wipe the account of unknowing or simply inattentive phone users.
How to protect yourself from SMS phishing
Contrary to appearances, many people are deceived by SMS scams. It is enough to read the message inattentively, click the link without checking it and hurry to “log in” to the bank account. For example, rushing to work, you can lose a large amount in this way.
Meanwhile, the basic method of defense against phishing is … common sense. You cannot act lightly when receiving these types of SMS. Better to wait and read the message carefully in your spare time. The scam can be detected in seconds.
First of all, almost every message of this type is written without the use of Polish characters (you have to be careful here, because these real messages sometimes do not contain Polish characters either). Linguistic errors, random special characters and missing details of the alleged package are also common.
In fact, the courier company, when contacting the customer by SMS, will provide, for example, the parcel number, sender’s name or the courier’s telephone number. Hiding this type of information is unlikely to be in its best interest.
The obligatory element of every fake SMS is, of course, a link. It is worth paying special attention to him, because he usually looks very suspicious. Before clicking, let’s consider why a recognized Polish shipping company would register its own website using random English words, such as: delivery, online, site, or tracking. Or even a random string of letters, numbers and special characters.
Why would the Polish e-commerce giant use a website in the domain of e.g. Salvador, and a well-known American transport company would set up its website in the domain, for example in Russian? If we are unsure, it is better to check what the actual website address of the company looks like.
I clicked on the link. What to do?
If you have already clicked the link rashly, under no circumstances should you enter any sensitive data or download files. However, if you have provided criminals with this information, your first step should be to contact your bank urgently. Perhaps the hotline employees will be able to block the transfer that has been sent to our account of the criminal or block the bank card before the fraudsters use it.