A message comes in telling you a package has attempted delivery but failed. Is it real, and how do you tell?
Even though more of us are going out than before, scammers are still keeping their routines consistent. Much like the situation was months ago when many people started working from home, deliveries are happening and scammers are keen to take advantage, only lately, they’re turning to SMS scam notifications in droves.
“We have attempted to deliver your package, check it’s status here”, the message reads, coming from an unknown Australian number. There’s a link that it wants you to click, and that’s it. This is the scam: a local number, an almost-real message, and a link to suggest you can get information.
But nothing has changed, and this is yet another scam trying to fool you, taking you to a link that means nothing and will only steal your details. What’s going on?
Scammers ramp up fake delivery scams
Whether scammers are hoping you’ll download a horrible piece of malware to an Android phone or having you fall for a dodgy fake phishing website, scammers have been at this game for several months now with some pretty serious stealings.
In September alone, the Australian Competition & Consumer Commission’s Scamwatch noted $30 million lost from reported scams with over 8,000 reports coming from phishing attempts alone. It’s crazy, and signals just how much effort scammers are going to when it comes to fleecing people out of their money.
Scammers are spending a lot of time sending these out in a rather automated fashion, hoping you’ll be the unfortunate one that clicks and follows through.
If you click on a fake website, you may have fallen for a phishing site, even if it looked legitimate. If you click on an Android phone and are asked to install an app outside of the Google Play Store, there’s a good chance you’re being asked to install Flubot, a nefarious piece of software that can give scammers access to your accounts and send it to other contacts in your phone, repeating the cycle for friends and family.
The way to stop these scams in their tracks are to know the signs and not fall for them, even if they’re beginning to look more and more legit.
How do you recognise realistic scams?
Knowing which message is a scam and which isn’t may come down to education, but there are some obvious indicators that can give it away.
The wording is one aspect, though scammers are getting better at that, even if they did miss the correct use of “its” in the messages we’ve received lately.
However, the link you’re sent is the obvious indicator, as scammers have no way to fake a real link from a company like Australia Post, DHL, or FedEx. They may be able to get close, but few actually try, and are preying on the fact that you won’t check, which is one of the most important lessons in recognising a scam attempt.
“Always think, and look, twice,” advised Alex Merton-McCann, Cyber Safety Ambassador for McAfee. “Many scams appear legitimate at face value,” she said, “counting on the fact that we are too busy to notice the communications are fake, or that we think we’re too tech-savvy to be tricked.
“Taking an extra few minutes to analyse any email or text message, to go directly to the supposed source — that is, contacting the organisation that has ‘reached out’ yourself, or checking what their actual email or phone number is — or to think more critically about whether such an organisation would contact you out of the blue, will help keep you out of scam trouble.”
It means you shouldn’t just blindly trust a message that comes in, thinking that a message to you is authentic simply because you received it. Your email and your number are likely available on quite a few lists, if not on one that’s automatically generated, and scammers would be only all too happy to have you think their message is real.
Unfortunately as scammers learn what works, the scams may appear just that — more real — and that means being more proactive and reading and checking what’s real and what’s not.
So before you click, consider the following:
- Check the phone number: an Australian number can be real, but it can also be fake and spoofed. Don’t let a phone number trick you into thinking something is legitimate. Shipping and delivery companies will typically have an actual name attached to the phone number, typically sent out by a platform. An Australian mobile number isn’t necessarily an indication of legitimacy.
- Look at the link, but don’t touch or click it: does the link come from a website you’re familiar with, such as the official website for Australia Post, or something similar, or is it a random name you’ve never heard of before? If it’s the latter, there’s a solid chance it’s a scam.
- Were you even expecting something: scammers are relying on our expectation that we’re anticipating a delivery, but if you’re not, you should know this is a scam, and if you were, contact the company you ordered from and ask how it was sent, trying to get tracking details there. Don’t click on this link just because you’re waiting for a package, as not all tracking systems are magically linked.