Posted
Hackers are taking advantage of the surge in online orders to lure victims into believing that they have to pay shipping costs in order to receive their pseudo-package.
“Watch out girls, I got a weird message. It’s a scam. ” This is what Ève * wrote on Wednesday on a WhatsApp group that she shares with friends. Surprise! Two of them received a similar text message the same evening, a third on December 29. The fraudulent communication is in the name of La Poste or a delivery company indicating that a package is pending. To proceed with the delivery, you must pay shipping costs by clicking on the link provided.
“I was just expecting a package this week. I thought it was plausible, ”says Eve, who took a bite of the hook. La Genevoise then entered her bank details. Luckily for her, her card’s security system prevented her from going any further. Two hours later, the thirty-something received three inconsistent messages concerning invoices of 200 euros. “That’s when I was like ‘Oh my God!’ and that I blocked my credit card. ”
Perfect timing
This type of scam is known to law enforcement. “It’s a phenomenon that explodes during the end of the year celebrations, because people tend to place more orders online during this period,” explains Alexandre Brahier, spokesperson for the Geneva cantonal police. He recommends that victims file a complaint. “This allows us to have information to trace back to the authors.”
“In December, all the indicators were in the red,” confirms Nicolas Vernaz, specialist in cybersecurity. For him, teleworking can also explain this upsurge. “People are at home and order more easily. Hackers take advantage of the current context to reach their victim. ”
Hackers impersonate La Poste in order to achieve their ends.
screenshot
The identities of other delivery companies, such as DHL, are also used by scammers.
SMS screenshot
Smishing, a new challenge
Attacks via SMS present a new challenge in terms of prevention, says the expert. “On computers, there is anti-spam. The emails are filtered. With messages on cellphones, this is not the case. ”
Swiss crime prevention abounds. She also devoted an article to these scams, which she calls “smishing”, or a contraction of SMS and “phishing” (note: phishing in French). “Going through a messaging service reassures potential victims. Text messages or other short messages are considered to be more personal and trustworthy. Thus, the targets of hackers will be more likely to fall into the trap. “
This is what happened to Eve. “Normally I take great care of this stuff. But I’m not used to ordering on the internet, so the SMS didn’t surprise me. For once I let my guard down a bit. I felt so stupid, ”regrets the young woman. The same scam is also running via email, according to a Vaudois who received an email identical to the SMS on Thursday.
For its part, La Poste indicates that it is regularly the subject of this type of cyberattack. However, it has not seen an upsurge lately. Just like the Vaud cantonal police. The yellow giant recalls that it never asks its customers, by phone, e-mail or SMS, to provide personal data, such as passwords or credit card numbers, nor does it require a sum money to trigger the delivery of a parcel or consignment. ” For his part, Alexandre Brahier advises to always check if the tracking number of the package provided in the SMS corresponds to that expected. Another item to check is the sender number. “If it is a cell phone, it is a bad sign”, specifies Nicolas Vernaz. And to add that it is necessary to observe the url links in order to ensure that there is nothing suspicious. In case of doubt: check with the delivery company concerned.
Rising phenomenon
If the parcel scam is not new, Jean Tschopp, head of advice at the Fédération romande des consommateurs, has observed an increase in cases since the fall. “This type of campaign continues to run steadily. We must be extra vigilant and report incidents to operators, who have been required to set up filters against unwanted numbers since last July. ” It is also possible to report incidents to the National Cyber Security Center. The latter indicates that “fraudulent delivery notifications are one of the most frequently received announcements in the past year”.