Skip to content
Someone entering card details into a phone
The majority of “smishing” fraud attempts have come through the blitz of parcel delivery texts sent out during the Covid crisis.
Millions of mobile users have received the texts that claim a small payment is needed for a package delivery to be completed.
But the texts are a front for fraudsters attempting to steal personal banking details.
Cybersecurity firm Proofpoint told banks their prevalence was on the rise.
Smishing is a technique that criminals use to target consumers with texts impersonating trusted organisations.
Proofpoint, which provided data for the banking trade body UK Finance, said that over a 90-day period to mid-July, some 53% of these smishing attempts were via delivery texts. This compared with 23% of messages claiming to be from banks or financial institutions.
During the most recent 30-day period, some 67% of these scams were delivery text messages.
Katy Worobec, managing director of economic crime at UK Finance, said: “Criminals are experts at impersonating a range of organisations and have capitalised on the pandemic, knowing that many of us will be ordering goods online and awaiting parcel deliveries at home. ”
Tricked in a hurry
The text, claiming to be from Royal Mail or a delivery company arrives out of the blue and claims a parcel is awaiting delivery, but a small payment is required.
Tom and Freyja Cuff, from Frome, Somerset, received a text about a parcel collection which eventually led to their bank account being emptied of £2,500.
Mr Cuff said that with online shopping being very common over lockdown, his wife “didn’t think anything of it” and clicked on a link authorising a small payment of £2.50 to release the parcel.
Mrs Cuff was then contacted again by the fraudsters, this time claiming to be from the couple’s bank.
She was told they wanted to move her money in order to protect it from being targeted further, but the couple’s account – including savings for a new home – was then emptied.
“Basically someone funnelled all our money out, pretending to be the bank, and we were left with absolutely nothing. It was heartbreaking, horrendous,” Mr Cuff said.
The message then links to a website mocked up to look like an official site. The page requests personal and payment details, which scammers may use to steal someone’s identity, or use to target them with other scams.
Royal Mail said it would not use such texts – unless specifically requested – and would use a grey card instead to tell people if any fee was required.
Laura Suter, personal finance analyst at AJ Bell, said: “Everyone thinks they are smart enough to spot a scam text, but the messages have become so sophisticated that it’s easy to be caught out.
“Lots of people will also see the text when they are in a hurry to receive their package or are rushing, so won’t stop to think about whether it’s legitimate or not.”