Your package is being delivered! Your order no. XXXX from XXX has been shipped. What at first glance appears to be genuine in some cases is actually a nasty scam with supposed package tracking links. Beware of smishing, or better known as SMS phishing. [Note: This article is aimed at both iOS and Android users.]
Many cell phone owners are currently receiving strange text messages. The content is always the same – it's about package tracking. But they all have one thing in common – they're fake. The perpetrators want the recipient to click on the supposed link. The goal of these messages is, among other things, to steal login credentials. In short – it's phishing. Now the BSI (Federal Office for Information Security) has also issued a warning. The new blog post states:
For days, smartphone and cell phone users have been receiving SMS messages that ask them to click on a link. This is known as "smishing" - a portmanteau of the terms SMS (short messages) and phishing (theft of access data via fake messages or emails). The perpetrators claim, for example, that the recipients of the SMS will soon receive a package or that a shipment should be returned to the sender.
Package tracking via SMS: What happens when I click on the link?
The messages contain a link. Behind this web link is the Android malware FluBot, which has been in circulation since November 2020. If an Android user clicks on the link, the malicious FluBot app is offered for download directly. The application itself is disguised as a package tracking app, usually from well-known logistics companies such as DHL or FedEx. If the link is clicked by an iPhone or iPad user, an advertising or phishing page usually opens. The aim of both versions is, among other things, to steal sensitive information.
I received such an SMS: what should I do?
As explained above, these SMS messages contain a web link. The damage only occurs when you click on it and follow the further instructions. This means that if you receive such an SMS, you must not click on the link under any circumstances. The message should be deleted directly from the device without any interaction. If you know the sender, however, it is advisable to contact them by phone and check that they are authentic. The sender can also be blocked via the device. However, since the SMS messages are sent from different numbers, this step is actually of little use. In addition, users are generally recommended to always run the most recent version of the operating system - whether iOS or Android.
I clicked the link, what should I do now?
If someone has already received such a message and clicked on the web link contained therein, the BSI recommends the following behavior:
- Remove your device from the mobile network by activating flight mode. This will prevent further SMS sending and any communication between FluBot and other devices.
- Inform your mobile phone provider about your case.
- For example, check your bank account or payment service provider for debits that you did not initiate.
- In this case, it is also advisable to set up a third-party blocker. Your mobile phone provider can help you with this.
- File a criminal complaint with the local police station. Take your smartphone with you to secure evidence.
- Reset your smartphone to factory settings (after you have filed a report). Before doing so, back up all important data such as photos, documents, etc. locally (for example via a USB connection). When you reset to factory settings, all saved and installed data will be lost. However, this step is necessary to completely remove the Android malware distributed via the current SMS spam messages.
Where all the data comes from has not yet been verified. However, it is suspected that the whole thing has something to do with the recent data leak by Facebook, among other things. Last weekend More than 533 million Facebook user data, including email addresses and cell phone numbers, were made available in a hacker forum. The whole thing started at about the same time with the package tracking links. So, stay alert and suspicious of messages with strange content. (Photo by Thufir / Bigstockphoto)
