EN
This article is from Trend Micro.
SMS phishing, text message phishing, and “smishing“? These terms all mean the same thing – they are the scams cybercriminals use to try to steal your personal information using messages with phishing links. This article will introduce 4 SMS phishing scams in detail, including ones related to Walmart, DPD, Amazon, and an unknown “payment sent” notification. Have you ever seen anything similar in your inbox? Check out how these viral scams work and learn the tips to avoid them!
Last week we saw Walmart online survey scams. However, these phishing text messages have taken on a new form. This week we’ve detected over 4,000 phishing URLs embedded in fake Walmart text messages in which scammers prompt you to click on a phishing link, falsely claiming that you have to “confirm” or “arrange” your package delivery through it:
The fake page says you’ve won an iPad Pro, but that you have to enter some detailed personal information before you can arrange delivery, including your phone number, address, and even credit card information. Obviously, you’ll never get to see that iPad Pro, and your sensitive data will end up in the scammers’ hands!
Besides Walmert, delivery companies such as FedEx, DHL, and DPD are also regularly impersonated by scammers conducting phishing scams. Have you received a text message from DPD that says your package hasn’t been delivered successfully? Be cautious and don’t click on anything!
Scammers prompt you to “book a redelivery” via a phishing link attached:
DPD SMS phishing. Source: Twitter
Content
DPD:We are sorry your parcel cannot be delivered due to an unpaid shipping fee. Visit: hxxps:// dpd[.]deliverv6tl.c om/fee/to book a redelivery.
If you click on the phishing link, you will be taken to a phishing website (e.g. fake DPD site) where scammers can record any information you enter. You will probably be asked to pay money for “delivery” and thus have your credit card information stolen.
Got a strange text message that reads something like “You just sent a payment to David Williams for $19.50 USD. We couldn’t confirm it’s you, Sign in for more detail?” Lots of people have reported seeing similar messages containing suspicious bit.ly links recently. Again, don’t click on anything!
"You just sent a payment” notification phishing. Source: Reddit
Scammers falsely claim that you have “sent a payment” to somebody and encourage you to click on the embedded link. The link is, as you might’ve guessed, a phishing link. If you click on it, you will be led to a phishing page where scammers trick you into entering personal credentials which they will use to commit identity theft!
Here comes our old friend – Amazon scams. Amazon scams have been popular with scammers looking to exploit people for a long time. With various excuses, scammers try to prompt you into clicking on the phishing links in their text messages. Here are some examples:
Amazon: Your order #4323316 status changed – Delivered! Track here: <URL>
Delivered: Your Amazon package with Jolen creme bleach pot 30ml was delivered. More info at <URL>
HI, Make in India & Ship to the world. Register Now with Amazon Global Selling <URL>
Open Digital Savings A/c by Axis Bank in just Rs. 590 & fund later. Get flat 5% extra cashback on Flipkart & Amazon. Open now <URL>
Your Amazon customer account will be useless due to abnormal access, please check your personal inform in Iink: <URL> to restore.
3rd Job match: Amazon Delivery Service Partners (Various DSPs Hiring) wants to hire you! – <URL>
there is a problem with the payment method of [amazon] prime membership fee, please check at <URL> to update
the payment method of amazon prime membership fee is abnormal, please update:<URL>
So, what happens if you click on any of the links?
In some cases, you will be taken to an online survey page and eventually asked to enter sensitive personal information, such as banking details:
Or, you will be taken to a fake Amazon login page and asked to enter login credentials. This one looks really convincing, but the URL is the giveaway:
If you fall for any of their tricks, scammers will record the data you provide and use it to transfer all the money out of your bank account, gain access to your online accounts, or even use it for identity theft!
Send a link or a screenshot of suspicious text messages to Trend Micro Check on WhatsApp for immediate scam detection:
Trend Micro Check on WhatsApp
Trend Micro Check is also available as a Chrome extension.
It will block dangerous sites for you automatically:
Trend Micro Check on Chrome
Download Trend Micro Maximum Security for even more protection, including Web Threat Protection, Ransomware Protection, Anti-phishing , and Anti-spam Protection. Gain access to the Privacy Scanner for Facebook and Twitter, Social Networking Protection, and Parental Controls, too. Click the button below to give it a try:
Did you successfully spot the scams? Remember, always CHECK before giving out personal information.
If you found this article helpful, please SHARE to protect your family and friends!
