Royal Mail Scam: Sorry, You Haven't in Fact Won that iPhone 11 Pro

An SMS phishing scam is targeting people in the UK with fake notifications that appear to come from the Royal Mail postal service, The Sun reports. The messages are personalized: they address each recipient by their real name and inform them that they’ve been selected to receive a free iPhone 11 Pro. To receive the prize, the recipient is asked to enter their address and their debit card details to pay a £2 shipping insurance fee. Peter Draper from cybersecurity company Gurucul explained what an attacker could do with this information.

“This is just another version of a phishing scam but using text instead of email,” Draper said. “The goal appears to be information gathering and, without a doubt, to obtain people’s full payment card details. If the recipient provides their card details and CVV, then the bad actor has what they need. They can then use it to either spend on the card or, better still, sell the details to multiple bad actors. In the worst case scenario the details can be used to steal an identity and apply for credit, etc.”

One of the recipients of the scam posted a screenshot showing that he received the phishing text in the same thread as legitimate package tracking messages sent by Royal Mail. This highlights the importance of knowing how to spot a scam even if it appears to come from someone you trust. KnowBe4’s Javvad Malik told The Sun how to avoid falling for one of these schemes.

“The simple reminder for people is that if it looks too good to be true, it usually is,” Javvad said. “It’s highly unlikely a company will give away such a valuable item without even having entered a draw or competition. People should resist clicking unsolicited links in emails and SMS, and if they do click and go to a site, they should definitely not enter any personal or financial information. If in doubt, people should directly contact the company the communication claims to have originated from and verify if it is a genuine communication.”

New-school security awareness training can teach your employees how to spot the social engineering tactics used to exploit both individuals and organizations.

The Sun has the story:
