The SMS warning that a false package is being sent or that an attempt was made to deliver without success have become a threat series: If you receive a text message related to the delivery of packages, be alert. From DHL, FedEx, MRW, Correos Express, Envialia … Scammers use the most well-known transport companies to install a malicious app.
One of the scams that is more widespread today is the one that comes through the phone’s SMS posing as a transport company. With a mechanics similar to that of the classics emails of type ‘phising’,, Android is relatively vulnerable since allows to install dangerous applications in a more or less simple way. And that’s what scammers are trying to do: trick you into installing a file to steal your personal data and even the money on the credit card. Let’s see how you can protect yourself.
Extreme caution against any SMS that you are not waiting for
The perfect platform for spoofing scams is text messages or SMS. Since most authentication, payment and shipping alerts arrive this way, it is enough to imitate the style of authentic missives to lead victims to download and install a malware-infected app. That is the mechanism that drives the SMS scam of DHL, MRW, Correos Express and other transport companies, always supplanted.
Since the way to fall for the scam is to click on the links of an SMS, the first thing you should take into account are these messages. If one arrives alerting you of the status of your shipment, and you did not expect anything, it is obvious that the content of the message is surely false, but you may have doubts if you recently bought a product online.
{“videoId”: “x7zq192”, “autoplay”: true, “title”: “The FALSE SMS FEDEX SCAM: This is the HIDDEN VIRUS and how you can REMOVE IT”}
Always question all text messages that reach you and carry out an investigation before agreeing to what they ask of you. Check the status of your shipment, make a new delivery, notice of a pending package… Scammers use urgency and curiosity to trick you.
Never install an application, not even from Google Play
Transportation companies may have an app to contract shipments and facilitate deliveries, but they will not force you to install it to check your orders. Any SMS that you receive indicating that you are accessing a download will almost certainly be a scam.
The scams that we have detected on Android always try to get the victim to install an application. This is downloaded directly from the website to run like any APK: you need to give the browser permission to put it on your Android. Therefore, to avoid problems, avoid installing any files they ask for. Even if the link from the SMS takes you to Google Play.
Make sure the web address corresponds to the transport agency
Scammers mimic the look of the transportation agencies they impersonate. Therefore, when you access the web from the link that appears in the received SMS said page will aesthetically resemble DHL, MRW, Envialia, Correos Express, FeDex and any other transport company whose identity has been impersonated. But the web address or URL cannot be spoofed.
Look at the address of the link, also the one that appears in the search bar. If you cannot see this address do the following:
- Click on the browser menu.
- Click on ‘Share’ and choose your notes application. Or send a message to yourself, for example (Telegram, email …).
- Once the link is pasted, look at the address that appears and compare it with the name of the transport agency. If it is not a mrw.com, fedex.com, dhl.com or similar are trying to scam you.
The web addresses from which malicious applications are downloaded are highly variable as the scam is constantly mutating to bypass the blockades of web servers and search engines. Therefore, in the event that the domain is not clearly seen as belonging to the transport company, completely distrust the page. Even so: as we said in the previous point, never download applications to your mobile just because a website that you came to from a text message asks you to do so.
Monitor the status of orders only from the website where you bought them
Falling for the scam is not that difficult when you are really expecting a package. It is enough to receive a message advising that it could not be delivered for you to panic and access the page that gives rise to the deception. Even it might tempt you to install the app with malware, there is no doubt that the risk of losing a shipment implies anguish and intention to avoid it.
While messaging companies send authentic SMS, it is best to rely exclusively on the customer area where you made the purchase. There you have the list of orders with the tracking numbers and authentic links to the transport websites. So forget the SMS and confirm only through the means that ensure the authentic information.
Activate the spam protection of your message app
A good part of the applications to send and receive SMS have integrated protection against SPAM and fraudulent numbers. Activating this function does not guarantee that you will avoid all attempts at fraud through the impersonation of transport companies, but you do have a greater chance that these messages will not reach you.
The Google messages app has protection against Spam in its settings, for example, also Samsung (in settings, under ‘Block numbers and messages’) or Huawei (in settings, under’ Identification of websites malicious’).
Activating these protections, and blocking the numbers in which you have detected fraud attempts, will help prevent so many false SMS from reaching you and, in addition, you will collaborate so that manufacturers have better trained their databases. You may be aware of scam attempts, but there are many non-tech savvy people who are much easier to fool.
Warn your environment and protect those who know less about technology
Perhaps most of the above points have seemed too obvious to you, but that does not mean that all people know the ways to protect themselves against it ‘phishing‘, come from the middle that come. For this reason, the best way to protect others is to teach them to distinguish which are the authentic SMS and to explain to them that a transport company will never ask for an application to be installed to check an order. Knowing the risks, and knowing how to deal with them, avoid most scams.
In the event that you or someone you know has installed the malicious application on your Android, the first thing you should do is uninstall it. Here we leave you the way to achieve it.
–
The news
How to avoid being a victim of SMS impersonating DHL and other transport companies
was originally published in
Engadget Android
for
Ivan Linares
.