In an alarming trend seen across the UK, fraudsters are exploiting the convenience of SMS to perpetrate smishing and phishing scams. Particularly during festive periods, when parcel deliveries spike, these fraudsters send deceptive ‘missed parcel’ messages. The catch? These messages contain dangerous malware.
Identifying and Responding to Malware Infections
These scam SMS messages cleverly disguise themselves, prompting recipients to download what seems to be legitimate delivery or parcel tracking apps. However, the truth is more sinister. These apps are, in reality, malware. Once installed, they act as digital thieves, stealing banking details, passwords, and other sensitive information. The malware’s reach extends further, infiltrating your contact list and perpetuating the scam.
Recognising malware on your device can be complicated. If you suspect you’ve inadvertently installed such software, immediate action is crucial. Avoid logging into any accounts, as this could expose your details to the malware. The most effective countermeasure is a complete factory reset of your device.
Performing a factory reset is usually accessible through your phone’s Settings menu. Since procedures vary by device, refer to the manufacturer’s website for precise instructions. Remember, a factory reset will erase all personal data, including contacts, photos, and apps. Changing any passwords used during the reset process is also advisable.
Reinforcing Account Security
If you’ve accessed any accounts post-malware installation, changing passwords is imperative. Aim for unique passwords for each account. To manage this array of passwords, consider using a password manager. Additionally, enable two-step verification (2SV) where possible. The National Cyber Security Centre offers excellent advice on creating strong passwords using a three-random-word strategy.
To sidestep potential scams, always track parcels through the official websites of delivery companies. Below is a list of significant delivery services for direct access. Alternatively, use their official apps, but ensure to download them from recognised app stores like Google Play or the Apple App Store.
How to safely check for missed parcels
Even if you are expecting a parcel, a safer way of tracking its status is to use the official website of the delivery company. We’ve listed the major delivery company websites below.
- DHL Track a Parcel (https://track.dhlparcel.co.uk/)
- DPD Track It (https://www.dpd.co.uk/service/)
- Evri Track Your Parcel (https://www.evri.com/track-a-parcel)
- FedEx Tracking (https://www.fedex.com/en-gb/tracking.html)
- Royal Mail Track your item (https://www.royalmail.com/track-your-item)
- UPS Track (https://www.ups.com/track?loc=en_GB&requester=ST/)
- Whistl Parcel Tracking (https://trackmyitem.whistl.co.uk/tracking)
- Yodel Track your parcel (https://www.yodel.co.uk/track)
Alternatively, you can use the delivery company’s official app to track deliveries. Only download these from an official app store (such as Google Play, the Apple App Store, or the Samsung Galaxy Store).
Reporting Suspicious Smishing Attempts
If you encounter a suspicious ‘missed parcel’ SMS, take action by reporting it. Forward the message to 7726, a free service offered by mobile operators. The importance of swiftly reporting smishing and phishing messages cannot be overstated. These messages often serve as the front line of phishing scams, aiming to defraud individuals by stealing personal information or installing malware.
Firstly, it aids in quickly identifying and mitigating the spread of these fraudulent schemes, protecting the individual who reports it and the wider community. Secondly, it provides valuable data to law enforcement and telecom providers, enabling them to track, understand, and ultimately combat these fraudulent activities more effectively. Timely reporting is a crucial step in the collective effort to enhance fraud prevention and maintain digital safety.
Understanding the Threat of Phishing Scams
This type of malware, known as a ‘banking trojan’, is exemplified by the notorious FluBot. It tricks users into installing what they believe are official apps, which then secretly monitor online activity and steal personal information. This stolen data can be used for various online crimes, particularly fraud. If you encounter a suspicious website or email, report it immediately to the NCSC. They also provide a Suspicious Email Reporting Service (SERS) for reporting questionable emails.
Staying ahead in the battle against fraud is vital, particularly with the pervasive threat of phishing and smishing scams. These scams are not just mere inconveniences but gateways for fraudsters to wreak havoc. A single misguided click can be catastrophic, granting these criminals unfettered access to your most sensitive assets. This includes bank accounts, utility services, pension funds, and any other financial accounts under your name. The consequences of falling prey to such scams are far-reaching, potentially leading to significant financial loss and emotional distress. Hence, proactive vigilance is essential to safeguard your economic well-being and personal security.