In a topsy-turvy year where everyone wished to just hit the skip button and roll on to the next year, the holiday season comes as a pleasant change. After a very long time, marketing and sales pundits are reporting positive shopping and buying sentiments. Since many countries, including Germany, Spain, France, and the U.K., are again going back under a forced lockdown, the physical shopping spree is not possible this season; however, digital sales are certainly seeing an uptick. Many of us are still expecting our gifts to arrive, and reports suggest that cybercriminals are using this to their advantage.
The U.S. Federal Trade Commission’s (FTC) advisory that was released earlier this month suggests that amid the much-anticipated holiday season this year, cybercriminals are prying on users’ shopping trends and targeting them through text messaging scams, also known as SMS phishing or Smishing.
The FTC said that, during the holiday season, people do expect their gifts to be delivered by packaging and delivery partners like FedEx, UPS, and other postal or logistics services. Cybercriminals use this opportunity to carry out text messaging scams by simply writing call to action statements that seem to require immediate action in a stipulated time frame to create a sense of urgency and thus, entice the reader into clicking on a malicious link. One such example is shown in the image below.
The malicious link redirects the user to a form, asking them to fill in their personal details, which are then exfiltrated and used in other online frauds or sold over the darknet for monetary gains.
To avoid these scams, FTC suggests its consumers do the following:
- Check the hyperlink/URL for typos or spelling errors.
- Verify messages with the courier over a call on its hotline number for legitimacy.
- Install a mobile device antivirus and keep your OS updated.
- In case of any suspicious activity, report to the FTC at ftc.gov/complaint.