Consumers have been warned to stay vigilant of delivery scam texts while online shopping for Christmas and during the Boxing Day sales.
UK Finance cited new data from cybersecurity firm Proofpoint showing that delivery ‘smishing’ scams are surging amid the busiest shopping period of the year. This showed that over half (55.94%) of all reported smishing text messages impersonated parcel and package delivery companies so far in Q4 2021. This compares to just 16.37% of smishing attempts in Q4 2020, more than tripling the proportion year-on-year.
Proofpoint also observed a significant drop-off in other types of smishing scams in Q4 2021 compared to Q4 2020. For example, text scams impersonating financial bodies and banks made up 11.73% of smishing attacks in 2021, compared to 44.57% in 2020.
The data comes from the NCSC’s 7726 text message system, operated by Proofpoint. This system enables customers to report suspicious texts.
Typically, delivery smishing scams start with the fraudster sending a fake text message informing the recipient that the courier has been unable to make a delivery and requesting a fee or additional details to rearrange. The consumer will be given a link to a fraudulent website impersonating the package delivery company, in which they are prompted to provide personal and financial details.
This type of scam has become increasingly prominent following the enormous growth in online shopping during COVID-19. Earlier this year, Proofpoint revealed that over two-thirds (67.4%) of all UK texts were reported as spam to the NCSC’s 7726 text messaging system in the 30 days to mid-July 2021.
A recent investigation by Which? demonstrated a particularly sophisticated smishing scam involving a highly convincing DPD copycat website.
Katy Worobec, managing director of economic crime at UK Finance, commented: “Scrooge-like criminals are using the festive season to try to trick people out of their cash. Whether you’re shopping online or waiting for deliveries over the festive period, it’s important to be on the lookout for scams.
“Don’t let fraudsters steal your Christmas – always follow the advice of the Take Five to Stop Fraud campaign and stop and think before parting with your information or money.”
Commenting, Steve Bradford, senior vice president EMEA at SailPoint, said: “The sharp rise in text message scams – or smishing, which has increased tenfold compared to last year, should be a stark warning to the public. With parcel delivery scam texts expected to spike this Christmas, it’s clear cyber-criminals are using every opportunity available to target victims using new methods.
“This comes as more businesses use SMS to engage with customers, to accommodate the digital-first mindset that now characterizes many consumers. But this also opens the doors to threat actors able to masquerade as popular websites or customer service support.
“Consumers must be extra vigilant and refrain from clicking any links in text messages that they’re unsure about. It’s also crucial they are keeping their data, identities and banking information safe – for example, by not taking pictures of their credit card and financial information, since photos often get stored in the cloud, which risks potential exposure to malicious actors.”