Waiting for a package on these dates is very common. We make Christmas shopping online and also from various stores or platforms. This means that many times we do not control very well when a shipment is going to arrive, which transport company is going to send it, if we have to communicate with them for the date and time, etc. All of this is exploited by hackers to scam, steal passwords or infect devices. Something very common is receive an SMS supposedly related to a package that we have to receive.
Phishing taking advantage of Christmas shopping
What do these SMS consist of? Basically we receive a message to our mobile where they tell us that a package is waiting to be delivered, that we have to click on a link to confirm the delivery time or even that there has been a problem with the data and we have to fill in a form to confirm it.
But of course, in reality that SMS is not being sent by the transport company. It is a fraud, of an attempt to Phishing attack, with the aim of stealing our data or passwords. Hackers take advantage of these dates because they are more likely to be successful.
These are some SMS examples that usually arrive on these dates. In this case, they are two messages that pose as DHL and Envialia. We go back to what we mentioned before: many users do not really know which company is going to deliver a package and it is not unusual for it to be one of these. This can cause them to click and that’s where the problem begins.
We see that one of them asks us to click to manage the delivery and the other to confirm the payment. A user who is waiting for a package and an SMS arrives to manage the delivery might think that he has to enter there to set the time when he will be at home, for example. There are common phishing pitfalls that you should be aware of.
How to avoid problems with fake SMS
It is very important not to fall into the trap, as this could mean that we download a file that is actually a virus, that we put personal data and end up in a database controlled by the attacker or that they even ask us for bank details. Therefore, it is essential to follow a series of tips.
The first and most important thing is not make mistakes. Common sense is essential in dealing with Phishing attacks. We must at all times avoid opening suspicious links, especially those that come to us by SMS.
In the two examples of SMS Phishing taking advantage of the Christmas season that we have seen, strange links appear. Those URLs do not bear the name of DHL or Envialia, in this case. That already gives us a clear clue that we may be facing a scam and we should not click that link.
Always be informed
Another important point is to always be informed. For example, check which transport company is going to send us a package, if we really have to pay something additional for the shipment (something that is very rare to happen), if we have to contact the company to confirm the time, etc.
This will help us to have a more control and, in case of receiving an SMS that makes us doubt, to know that we really do not have to do anything else. Even if we actually waited for a package from that so-called company that has sent us a message, we would not fall into the trap.
When in doubt, never open a link
But without a doubt something fundamental is not to open any link in the face of the slightest doubt. Here it is not valid that of “I open it just in case”. Simply by clicking on a false link we can infect the system with malware or we can get to a web page where they will request data that actually ends up in the wrong hands.
Therefore, if we receive a message on the mobile and we believe that it may be dangerous, the ideal is delete it directly. If we really have doubts about whether something needs to be done to receive the package, it is advisable to contact the transport company or the store where we have purchased through official and secure means.
Keep devices protected
Another basic point to buy safely online is to have the safe devices. This includes having a good antivirus that acts in case we click on that fraudulent link and download a file that is actually a danger and can seriously affect us.
But we must also have the latest versions. Keeping the system updated and any application that we use will help to minimize the risk that they could exploit a vulnerability and attack us.