It's easy to lose your guard during Christmas shopping. During this period, fraudsters count on successful hunting. When ordering gifts by courier or via a parcel locker, it is easy to confuse an authentic message about a parcel from a courier with one from a fraudster. Here are some examples of text messages you should watch out for.
In the near future, many of us may receive information about a shipment that, for some reason, cannot reach us. However, many of them will not concern the shipment. This may be another way for fraudsters to extort data and clear our account.
The most popular parcel fraud is messages informing about the suspension of parcel delivery due to underpayment. The amounts given are usually small. It's usually just a few dozen cents. The message contained links to websites where the alleged payment for the package was to be made. In fact, the unsuspecting customer is directed to websites that impersonate the websites of banks or payment intermediaries.
READ ALSO: They scare, manipulate and make people fall in love. This is how scammers work
How does fraud work?
The scheme of cyber fraudsters' operation is based on mass sending of text messages with information about alleged problems with the delivery of the parcel. Criminals impersonate well-known companies that deliver parcels to gain confidence in their potential victims. They try to trick recipients into filling out their details online on a fake website linked to in the message.
However, it is not always about paying extra for shipping. Scammers are very creative and have many ideas to weaken our vigilance. The message may concern: application update, parcel pickup code, address errors, failed delivery attempt or shipment weight.
Here are examples of messages that may be dangerous (original spelling):
- “Your parcel has been held because the street number is missing on the parcel. Update shipping information: (here is a link redirecting to the fake courier website)”.
- “Delivery attempt failed. Select reshipment options: (link)”
- “An additional fee is required for package insurance. Pay extra for: (link)”
- “Your parcel has been placed in the parcel locker. You will receive the pickup code after updating the application: (link)”
- “Due to the weight of the ordered shipment, an additional payment is necessary. Pay extra here: (link)”
- “Your order has been suspended due to underpayment for the shipment. Please pay your dues: (link)”
- “You have an online parcel that cannot be delivered due to an invalid address. Click to change address (link)”
What happens when you click on a link from a scammer
The link included in the message takes the potential victim to a website that confusingly resembles the real websites of courier companies. There is a fake form there, which is most often used to capture sensitive data.
This is how cybercriminals encourage you to enter your payment card details, which they use to steal money from the victim's account.
How to protect yourself against parcel fraud?
Above all: take your time and think! We should be vigilant about any messages that put pressure on time, ask for urgent action or contain linguistic errors.
Turn on suspicion! In most cases, messages from scammers are poorly written and do not contain Polish characters.
Don't click on the link! If you want to check the parcel, go to the appropriate courier website and check the status of the shipment.
Don't pay for a package you didn't order! It happens that criminals send packages that no one ordered and which must be paid for. Most often, the recipients are companies or people who often use the services of courier companies.
Change your passwords! If you suspect that you have fallen victim to phishing (opened a suspicious attachment or visited a fake website), you should immediately change the passwords to your accounts. If you need to provide financial details, please contact your bank. It is also necessary to report the incident – in Poland there are several institutions dealing with online fraud.
In addition to the police, you can contact CERT Polska: – via the website https://incydent.cert.pl/
– in the application mObywatel – Safely on the Internet service
– Suspicious SMS messages with links can be reported to No. 8080.
Secure your phone! You should also scan your devices with an antivirus program, as clicking on a suspicious link may have downloaded malware.
New functions in the mObywatel 2.0 application
To meet the needs of users, the Ministry of Digitization has introduced a new function for reporting cybersecurity incidents in the mObywatel 2.0 application. It allows you to report suspicious websites, e-mails and text messages. Reports go directly to experts from CERT Polska who analyze and eliminate threats.
Main photo source: Shutterstock, Polish Police