Delivery scam text links on rise again – and they’re more difficult to spot

Cybersecurity, News

Scam text messaging (smishing) is on the rise again as GCHQ warns that companies using shortened or unclear web links are making it more difficult for the public to spot the offenders. 

As part of measures to get tough on fraudsters, the National Cyber Security Centre (NCSC), part of GCHQ, has published new advice for businesses on creating trustworthy customer messages following a rise in text- and call-based scams, such as those involving fake parcel deliveries.

Businesses often use online tools to shorten web links into a standardised combination of letters to make them neater. This is to avoid having long links that can run for a couple of sentences in text messages.

However, they also make it easier for scammers to trick people into clicking links that take them to fake sites where their personal information is stolen.

Last September, Which? revealed that “smishing” attacks – sending scam text messages – in the UK rose by nearly 700 per cent in the first six months of 2021. This was based on data by Proofpoint, which operates the 7726 text service that the public use to report scam texts.

Currently Which? is warning about a new delivery scam text impersonating the Post Office (a link to the Which? Conversation article can be found here).

Clicking the links takes you to an extremely convincing Post Office clone, shown above. The website was only set up in the last few days. The first step of the scam is to invite you to enter your postcode before asking for your full name, delivery address, email address, date of birth and mobile number.

This information is then fed directly to scammers who could use it to commit identity fraud. 

Says Adam French, Which? Consumer Rights Editor:

“Throughout the pandemic, fraudsters have come up with new ways to part people from their hard-earned cash. Which? has found a new delivery scam text which takes people to an extremely convincing clone of the Post Office website to rearrange their delivery. 

“If people input their details and pay for a new delivery date, the scammers redirect them to the official Post Office website – making this fake even more plausible. 

“Consumers should be on high alert for scams and if in any doubt, should verify the text directly with the company before giving any personal information. If you’ve entered any bank details, contact your bank immediately to ensure the scammer cannot take any more money from your account and ask to be reimbursed. You can also report any attempted scam to Action Fraud.”

Chris Price
For latest tech stories go to