People in France are being warned about a new scam through which an SMS text message stating “Your parcel has been sent (Votre colis a été envoyé)” is sent to members of the public.
Here is how it works and how to avoid falling victim.
Cybersecurity firm Sekoia has identified the new scam, which it says comes from Chinese hackers under the umbrella group name ‘Roaming Mantis.’ Sekoia describes it as a ‘phishing’ (hameçonnage) campaign in which the fraudsters try to get recipients to click on a link so that they can then illegally capture their data.
The scam is thought to have targeted more than 70,000 Android phones so far, but is also spreading to iPhone users.
What does the scam look like?
Potential victims are receiving SMS messages on their phones reading “Votre colis a été envoyé” (Your parcel has been sent).
This is designed to attract attention: a recipient who has not sent a parcel may worry that there has been an error and want more information, while one who has sent a parcel may believe the SMS to be genuine.
This message is followed up with a link. Once the recipient clicks on the link, they are invited to update their web browser; the supposed update discreetly installs malware named “MoqHao”, which then collects data from the infected phone.
The hackers may then sell the data to third parties or use the victim’s bank details to steal money from their account.
They can also send SMS messages from the infected phone to other phones to spread the scam further.
How can I avoid the scam?
If you have not sent a parcel and you receive this message and link, you can assume it is a scam and delete it.
Even if you have sent a parcel, or are expecting some sort of parcel update, remain alert:
Do not click on any unexpected links sent via SMS or otherwise.
Do not allow downloads or app suggestions from links within SMS messages.
Pay attention to the sender’s details. The number is often unknown, international or otherwise suspicious or unusual.
Pay attention to any links. They may appear genuine but there are often clues that they are scams. For example, rather than “LaPoste.fr” they may appear similar to “LaPoste-fr.com” or “LaPoste-colis-fr.co”, or contain other elements that the real URL does not.
If in doubt, do not click on any links or download any apps or forms. Instead, go directly to what you believe to be the source and check whether the update is genuine.
If you are worried that you have accidentally fallen victim already, contact your bank to let them know. They may be able to stop any suspicious payments, or block your cards or account.
In France, recipients of suspected scam messages can forward the text message (preferably without adding any comments) to the number 33700, or report it online here. You can also receive free support from the France Victimes association, which is available on the number 116 006 from within France.