The Newest Scam in Town

Remember the saying, "There's an app for that."? Well now it seems that may apply to text messages too. Getting a code for your multi-factor authentication? Text Message. Getting package delivery update? Text Message. Miss a payment? Text Message. Legitimate companies know we are much closer to a text than an email. And now, so do scammers.

The scam may go something like this: "Your package is being held until we can confirm your shipping details. Click [here] to confirm." Once you click, a world of possibilities awaits. The link can take victims down a myriad of fraud paths including:

  • Entering credit card details
  • Entering credentials (e.g., Amazon, UPS, FedEx)
  • Download [malicious] software
Attackers could also just be fishing for 'live' phone numbers to sell or use in other scams. The possibilities really are endless but no matter the attacker's plan, the advice remains the same. Don't click.

The real danger is in the link itself. Most of these scams use a shortened URL. Short links (e.g., bit.ly) are intended to allow people to include long links in short spaces (think tweets). Unfortunately, they also mask the true destination of the URL and can be hard (if not impossible) to know where you will end up after all the trackers and redirects are processed.

There are many variations of SMS scams to be aware of. Here are some other commonly used scams to be aware of:

Wrong number or unknown acquaintance scam – attackers send texts pretending to be a friend or a friend of a friend in an attempt to get you to engage.

Bank account closing / locked debit card scam – attackers send texts intended to elicit fear and hasty, poor decisions by stating your account is closing or your cards are frozen in an attempt to lore you to click their hyperlink to mitigate the issue.

Unfortunately, attackers are creative. Scammers are constantly evolving their attacks and methods. Stay vigilant and trust your instincts if something seems off; do not trust a message just because you see a familiar area code.

So back to the advice: Unless you are absolutely sure the message you received is legitimate, it may be best to ignore the link in the message. Attackers prey on fear and greed, so winning gift cards and losing packages make great pretexts. Don't become a statistic.

The Interview

Send Us Your Comments

What did you think of this article? Send us a note to let us know what you liked, would like to see more of, or what we can do better. And don't be surprised if we reach back out with a small 'thank you' gift for your feedback.

SEND

Newsletter

Want 7x Second Security and other info straight to your inbox? We'll never send boring content.