A texting (SMS) phishing scam is victimizing folks in the UK with fraudulent notifications that look like they are from the Royal Mail postal service, The Sun reports.
The messages look authentic and are even personalized, addressing each recipient by their real name and informing them that they’ve been selected to receive a free iPhone 11 Pro.
Here’s the catch, In order to receive their prize, the recipient is asked to enter their address and their debit card details in order to pay the £2 shipping insurance fee.
Peter Draper from cybersecurity company Gurucul explained what an attacker could do with this information.“This is just another version of a phishing scam but using text instead of email,” Draper said. “The goal appears to be information gathering and, without a doubt, to obtain people’s full payment card details. If the recipient provides their card details and CVV, then the bad actor has what they need. They can then use to either spend on the card or, better still, sell the details to multiple bad actors. In the worst case scenario the details can be used to steal an identity and apply for credit, etc.”
One of those duped by the scam posted a screenshot showing that he received the phishing text in the same thread as legitimate package tracking messages sent by Royal Mail.
It’s a great reminder how important it is to know how to spot a scam even if it appears to come from someone you trust.
KnowBe4’s Javvad Malik told The Sun how to avoid falling for one of these schemes.
“The simple reminder for people is that if it looks too good to be true, it usually is,” Javvad said. “It’s highly unlikely a company will give away such a valuable item without even having entered a draw or competition. People should resist clicking unsolicited links in emails and SMS, and if they do click and go to a site, they should definitely not enter any personal or financial information. If in doubt, people should directly contact the company the communication claims to have originated from and verify if it is a genuine communication.”
One of the best ways to protect your business and self from scams like this is ongoing cybersecurity awareness training. Contact DarkHound SecOps for more information and to schedule your training at [email protected].
Image source: https://www.pexels.com/photo/selective-photo-of-2-deck-bus-near-people-163037/