We’re all home and waiting for lockdown to end, and that’s giving scammers an in, as home delivery scams come to SMS and email.
Lockdown is taking its toll, but there’s one group of people who don’t mind us all staying at home: scammers. Cybercriminals have found it particularly handy that we’re all at our computers and using our phones more often, as the scams ramp up while we’re at home more than ever.
In the past few months, we’d hazard a guess that everyone has received a scam of some sort, but hopefully you’ve counted yourself lucky enough not to add yourself to the growing losses counted by the ACCC’s Scamwatch project. Every month, the stats showing Australian losses grows, all while the types of scams increase, and lately, one scam is targeting our push to buy things from home: delivery scams.
Home delivery scams are all about the con involved in sending a package. It could be a message alerting you to a delivery only to have you enter in details that are then stolen, or even a delivery message that leads Android phone owners to install an app that’s actually a virus. It might even be a phone call attempting to disarm you and take your details.
As we’re all at home more than ever, scammers are focusing their efforts on our need to buy things, and cashing in by pretending to be a part of that chain.
That’s bad news for folks who mightn’t be paying attention, because it gives scammers an in, and your details and wallet and out right into the scammer’s own.
“With so many deliveries coming and going, it’s hard for some to keep up with what orders they’re waiting on, providing a golden opportunity for scams and phishing attacks,” said Paul Ducklin, Principal Research Scientist at Sophos.
“The idea is simple: the scammer will provide you with a link to ‘track your parcel’ or tell you there’s an issue with your delivery,” he said. “For example, you weren’t at home so the parcel ended up back at the depot, or there was a problem with your address and they couldn’t find your house or apartment.”
That link will take you to a site designed to look legit, yet is anything but. Also known as phishing sites, they’re built to look as close as possible to the real thing so that you think you’re in the right place, and hand over your details to a criminal. It’s an idea that has been around for ages, and one that still traps people, with a victim only realising it when the details don’t load the real site, and personal details are entered to no avail.
Unfortunately, these scams will likely keep coming, meaning we’ll all need to be on the lookout, checking those links very closely and trying not to be fooled by the number sending the texts.
While phishing is the main approach scammers use to trick you into handing over details, trusting the messages typically comes via another tactic known as spoofing. When a phone number is spoofed, it means you’re getting a message from something that looks like the number you’re seeing, but is in fact not it. This approach is a form of subterfuge to make you think the message is local, and to give it more trust, even if it’s nothing but a fake.
Falling for one is risky, because scammers are after your information, whether it’s your password or personal details that can be used to gain access to your accounts.
“Some of the most common details include passwords, which allow scammers to access your other accounts, and credit card details that enable them to steal your money,” said Ducklin.
“But that’s not the only thing scammers are on the lookout for. Scammers will steal personally identifiable information such as your driver’s licence number, Medicare details, or even your mother’s maiden name,” he said. “They can then abuse this — or sell to other crooks for them to abuse — and steal your entire identity.”
So what can you do?
Questioning messages that come to you and the calls being made from people you don’t know is a start, as is ensuring you don’t trust an email or message blindly. If you receive a message suggesting you have a delivery and it isn’t from an actual postal or courier service you’d use, it’s a fake, and one likely trying to lead you down a path.
Look closely at the link and don’t click, as that could lead you to a phishing site, which gets a little easier to believe if you don’t quite know what you’re looking at. Instead, check the company where you might have purchased something, and see if it offers tracking details or a service name for how something has been sent. If it’s Australia Post, StarTrack, or another mail or courier service, you may be able to find tracking details at that company instead.
And while scammers are getting better, stay on the lookout for mistakes.
“While attacks are becoming more sophisticated, they’re often conducted by scammers from other countries or non-English speakers who are more likely to make spelling and grammatical errors,” said Ducklin.
It might seem crazy or even frustrating that you’ll need to analyse and scrutinise every message that comes in, but in a time when scams are so common, you can get at least one attempt daily. Not getting caught is something aided by education and awareness, and one of the better things you can do to ensure you’re not one of the loss numbers in the growing scam game.