An SMS phishing scam is targeting people in the UK with fake notifications that appear to come from the Royal Mail postal service, The Sun reports. The messages are personalized: they address each recipient by their real name and inform them that they’ve been selected to receive a free iPhone 11 Pro. To receive the prize, the recipient is asked to enter their address and debit card details to pay the £2 shipping insurance fee. Peter Draper from cybersecurity company Gurucul explained what an attacker could do with this information.
“This is just another version of a phishing scam but using text instead of email,” Draper said. “The goal appears to be information gathering and, without a doubt, to obtain people’s full payment card details. If the recipient provides their card details and CVV, then the bad actor has what they need. They can then use to either spend on the card or, better still, sell the details to multiple bad actors. In the worst case scenario the details can be used to steal an identity and apply for credit, etc.”
One of the recipients of the scam posted a screenshot showing that he received the phishing text in the same thread as legitimate package tracking messages sent by Royal Mail. This highlights the importance of knowing how to spot a scam even if it appears to come from someone you trust. KnowBe4’s Javvad Malik told The Sun how to avoid falling for one of these schemes.
“The simple reminder for people is that if it looks too good to be true, it usually is,” Javvad said. “It’s highly unlikely a company will give away such a valuable item without even having entered a draw or competition. People should resist clicking unsolicited links in emails and SMS, and if they do click and go to a site, they should definitely not enter any personal or financial information. If in doubt, people should directly contact the company the communication claims to have originated from and verify if it is a genuine communication.”
New-school security awareness training can teach your employees how to spot the social engineering tactics used to exploit both individuals and organizations.
The Sun has the story: https://www.thesun.co.uk/tech/10568318/royal-mail-text-scam-free-iphone-11-pro-christmas/