Wednesday, January 6, 2021

Fake Royal Mail Text Message Scam

It's been a while since I wrote about a security issue on this blog, but here is one I came across yesterday: a text message scam.

My daughter came to me to ask about a text message she had received, purportedly from the Royal Mail. The message read:

[Royal Mail] We attempted to deliver your package at ...on... but no one was available.

Your parcel was returned to our depot and you need to reschedule your delivery.

Please reschedule your delivery at royalmail.com/reschedule-delivery/GB678285065GB

Now there are many good reasons to believe this is a scam.

Primarily, but with hindsight, the Royal Mail doesn't send text messages like this.

The reason I was suspicious at the time was because my daughter is too young to order online, and I had been standing at our front door that day when the postman arrived, and he didn't try to deliver anything, only a letter.

But I was still unsure because this text message doesn't show the normal tell-tale signs of a scam: the spelling is good and the link seems to be genuine.

Against my better judgement perhaps, I decided to check it out. This was not really a good idea, as links in scam messages (which I confirmed this was in due course) can lead to malware.

Clicking on the link opened a quite convincing-looking page, asking for phone number and DOB.

The next page asked for a number of personal details. Although the page looks like a genuine Royal Mail page, there are sure signs that it isn't: the links on the page (for example: "Click here for more information on Coronavirus") do not work, and the address is no longer royalmail.com but royalmail.schedule-redelivery.com. By this time I was very suspicious, so I entered some made-up, nonsense details. Despite the details being complete nonsense, the next screen was a screen asking for a card payment: a scam similar to others documented at (the real) royalmail.com

An additional feature of this scam that makes it seem more convincing is that the scam site uses a verified secure connection.

Abuse reported to CloudFlare.

Back to the main reason this scam text looks so convincing: the apparently real royalmail.com link in the SMS message. Unlike other scam texts documented on the Royal Mail website, the link is not a shortened (and obviously suspicious) link as used in previous scams.

So how have they done it? I suspect the link in the text message was to royaImail.com (that's a capital i), which in an Android message app looks exactly like an l.
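As an added example (not part of the original post), here is a Python check a message filter could run on links like the two described above: a displayed host whose look-alike characters fold to the brand name, and a brand name used only as a subdomain of another domain. The protected-brand list, the small confusables map and the last-two-labels rule for the registrable domain are assumptions of this example, and the sample SMS is constructed.

```python
import re

# Assumed list for this example: brand label -> genuine registrable domain.
PROTECTED = {"royalmail": "royalmail.com"}

# Small hand-picked confusables map (an assumption, not the full Unicode table).
# It is applied BEFORE lowercasing: a capital "I" must fold to "l", not to "i".
CONFUSABLES = str.maketrans({"I": "l", "1": "l", "0": "o"})

HOST_RE = re.compile(r"(?:https?://)?((?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,})")


def skeleton(label):
    """Fold look-alike characters so visually identical labels compare equal."""
    return label.translate(CONFUSABLES).lower()


def extract_host(sms_text):
    """Return the first host-like token in a message, exactly as displayed."""
    match = HOST_RE.search(sms_text)
    return match.group(1) if match else None


def classify(displayed_host):
    """Classify a host as genuine, lookalike, brand-in-subdomain or unrelated."""
    labels = displayed_host.split(".")
    # Naive registrable domain: last two labels. Real code needs the Public
    # Suffix List to handle suffixes such as co.uk.
    registrable = ".".join(labels[-2:]).lower()  # DNS ignores case
    if registrable in PROTECTED.values():
        return "genuine"
    if skeleton(labels[-2]) in PROTECTED:
        return "lookalike"  # e.g. royaImail.com, which resolves as royaimail.com
    if any(skeleton(label) in PROTECTED for label in labels[:-2]):
        return "brand-in-subdomain"  # brand is only a label under another domain
    return "unrelated"


def check_sms(sms_text):
    """Return (displayed host, verdict) for the first link in an SMS body."""
    host = extract_host(sms_text)
    return (host, classify(host)) if host else (None, "no-link")


# Constructed sample, modelled on the message quoted in the post.
SAMPLE_SMS = "[Royal Mail] Please reschedule your delivery at royaImail.com/reschedule-delivery/EXAMPLE"

if __name__ == "__main__":
    print(check_sms(SAMPLE_SMS))
    print(classify("royalmail.schedule-redelivery.com"))
```

The fold has to run on the host as displayed, because once the name is lowercased for DNS the capital I becomes an ordinary i and the visual match is lost.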

I reported this scam to Royal Mail and here is their response:

This is a dedicated Royal Mail facility dealing solely with matters concerning Royal Mail or affecting Royal Mail. The information provided does not appear to be linked to Royal Mail in any way.

Not interested because it's a text message not an email, which is rather disappointing. I would have thought they would be interested in taking down a fake Royal Mail site stealing from their customers, but apparently not.



