People in France are being warned to stay alert to text messages about parcel deliveries, which appear normal, but actually hide malware that can reveal your personal details and data to criminals.
Reports of such text messages have increased in recent weeks, having first been reported in early April.
The texts generally refer to a parcel delivery and say something along the lines of “Your parcel has been dispatched. Check and receive it now” with a link. In French, this reads: “Votre colis a été envoyé. Veuillez le vérifier et le recevoir”.
(Photo: cyberguerre.numerama.com / Screenshot)
How can I tell if the message is a scam?
There are some clues in the message.
- The French in the message is a little awkward (although grammatically correct) as if it has been translated automatically.
- The sender number appears to be a French number, but it is just a normal mobile number, not an official number from a recognised company or named contact.
- The link is usually a “tiny url” link, and begins “http://tinyurl.com/”. Most official companies will not use this type of link but will instead have a branded link to their own website.
- The text does not specify what your parcel is. Many legitimate companies will send a summary of your order or parcel, so you can check it is really referring to an expected delivery.
- The text comes without warning, whether or not you have ordered anything. Even if you are expecting a parcel, the text is vague and non-specific.
Scam monitoring website Cyberguerre Numerama warns that people should delete the text immediately, and never click on the link. This is especially true if you do not know who is sending the text, nor which parcel to which the link refers.
What happens if I click the link and how can I tell if it is a scam?
- Firstly, the link does not take the user to a delivery or tracking page. This is immediately suspect.
Instead, the link takes you either to a suspiciously-blank page with a “nonsense” address, or to a webpage asking you to download an update to the web browser Google Chrome, for “a better experience”.
This is not normally how you would update smartphone apps and so is suspicious.
- Secondly, the page is also not related to the original text, and is not about a parcel at all.
- Thirdly, once the download begins, the user is then asked to confirm several questions about their personal data, such as their contacts. Again, this is a suspicious request.
Once these details are collected, the malware sends the information to the scammers, and installs two new apps on your phone; one that looks like Google Chrome, and another that is “transparent” and therefore difficult to detect. It may look like a gap in your phone icons.
- Fourthly, the malware can then open a page on your phone that says your bank account is blocked, and requires your name, account number and bank card details to unlock it.
Do not enter any details. No bank would ever ask you to confirm your account or “unlock” your account in this way.
The malware also collects information from your phone in the background, including the apps on the phone, your telephone number, contact list, SIM card number, and more.
The malware can also send texts to the user’s contacts, to spread the scam further.
At this point - or before - it is likely that users will recognise that the text and page are a scam, and realise they have been duped.
So what if I have fallen victim?
- Delete the extra apps that the malware has likely downloaded onto your phone. Search your icons for two extra apps, one of which may look similar to Google Chrome and another that might appear faint or transparent, and delete them.
- Contact your bank to let them know you may have fallen victim to a scam - especially if you entered any payment or bank details - and ask them to secure your account.
- In future never click on links in text messages, especially those from people, companies or numbers you don’t know and cannot verify, or that you are not expecting.
Even if you have indeed ordered a parcel, it is better for you to go directly to the website or courier yourself and check at the source - via the company’s own website in a new browser page - rather than clicking on a link in a text.
Beware of scam Covid-19 appointment calls in France
Live in Tarn-et-Garonne? Watch out for the fake census scam
Warning over Covid 'paid' vaccine phone scam
France: 4-fold rise in online shopping scams last month