SMS phishing, text message phishing, and “smishing“? These terms all mean the same thing – they are the scams cybercriminals use to try to steal your personal information using messages with phishing links. This article will introduce 4 SMS phishing scams in detail, including ones related to Walmart, DPD, Amazon, and an unknown “payment sent” notification. Have you ever seen anything similar in your inbox? Check out how these viral scams work and learn the tips to avoid them!
Walmart Shipping Scam
Last week we saw Walmart online survey scams. However, these phishing text messages have taken on a new form. This week we’ve detected over 4,000 phishing URLs embedded in fake Walmart text messages in which scammers prompt you to click on a phishing link, falsely claiming that you have to “confirm” or “arrange” your package delivery through it:
- Notice from Walmart: Your gift will be returned if not confirmed by today <URL>
- Notification from Walmart: Grace, you have received (1) parcel. Please arrange for collection before its returned to sender. <URL>
Unlike the online survey scams we have reported on before, there is neither a questionnaire nor an online form to fill out. Instead, these scam text messages lead you to a page that says you’re a lucky winner directly:
The fake page says you’ve won an iPad Pro, but that you have to enter some detailed personal information before you can arrange delivery, including your phone number, address, and even credit card information. Obviously, you’ll never get to see that iPad Pro, and your sensitive data will end up in the scammers’ hands!
Safety Tip: use Trend Micro Check to check web addresses!
Send a link or a screenshot of suspicious text messages to Trend Micro Check on WhatsApp for immediate scam detection:
Trend Micro Check is also available as a Chrome extension.
It will block dangerous sites for you automatically:
We’ve spotted even more text message phishing scams! Have you come across any of them?
DPD Phishing
Besides Walmert, delivery companies such as FedEx, DHL, and DPD are also regularly impersonated by scammers conducting phishing scams. Have you received a text message from DPD that says your package hasn’t been delivered successfully? Be cautious and don’t click on anything!
Scammers prompt you to “book a redelivery” via a phishing link attached:
Content
DPD:We are sorry your parcel cannot be delivered due to an unpaid shipping fee. Visit: hxxps:// dpd[.]deliverv6tl.c om/fee/to book a redelivery.
If you click on the phishing link, you will be taken to a phishing website (e.g. fake DPD site) where scammers can record any information you enter. You will probably be asked to pay money for “delivery” and thus have your credit card information stolen.
“You just sent a payment” Notification Scam
Got a strange text message that reads something like “You just sent a payment to David Williams for $19.50 USD. We couldn’t confirm it’s you, Sign in for more detail?” Lots of people have reported seeing similar messages containing suspicious bit.ly links recently. Again, don’t click on anything!
Scammers falsely claim that you have “sent a payment” to somebody and encourage you to click on the embedded link. The link is, as you might’ve guessed, a phishing link. If you click on it, you will be led to a phishing page where scammers trick you into entering personal credentials which they will use to commit identity theft!
Amazon Survey Scam
Here comes our old friend – Amazon scams. Amazon scams have been popular with scammers looking to exploit people for a long time. With various excuses, scammers try to prompt you into clicking on the phishing links in their text messages. Here are some examples:
1. Package delivery/Amazon Global selling:
- Amazon: Your order #4323316 status changed – Delivered! Track here: <URL>
- Delivered: Your Amazon package with Jolen creme bleach pot 30ml was delivered. More info at <URL>
- HI, Make in India & Ship to the world. Register Now with Amazon Global Selling <URL>
2. Account security alerts/payment notification:
- Open Digital Savings A/c by Axis Bank in just Rs. 590 & fund later. Get flat 5% extra cashback on Flipkart & Amazon. Open now <URL>
- Your Amazon customer account will be useless due to abnormal access, please check your personal inform in Iink: <URL> to restore.
3. Job hunting:
- 3rd Job match: Amazon Delivery Service Partners (Various DSPs Hiring) wants to hire you! – <URL>
4. Amazon Prime membership:
- there is a problem with the payment method of [amazon] prime membership fee, please check at <URL> to update
- the payment method of amazon prime membership fee is abnormal, please update:<URL>
So, what happens if you click on any of the links?
In some cases, you will be taken to an online survey page and eventually asked to enter sensitive personal information, such as banking details:
Or, you will be taken to a fake Amazon login page and asked to enter login credentials. This one looks really convincing, but the URL is the giveaway:
If you fall for any of their tricks, scammers will record the data you provide and use it to transfer all the money out of your bank account, gain access to your online accounts, or even use it for identity theft!
How to Protect Yourself
- Double-check the sender’s mobile number/email address.
- Reach out to the official website or customer support directly for help if you think there are issues with your account.
- NEVER click links or attachments from unknown sources. Use Trend Micro Check to detect scams with ease!
- Download Trend Micro Maximum Security for even more protection, including Web Threat Protection, Ransomware Protection, Anti-phishing , and Anti-spam Protection. Gain access to the Privacy Scanner for Facebook and Twitter, Social Networking Protection, and Parental Controls, too. Click the button below to give it a try:
Did you successfully spot the scams? Remember, always CHECK before giving out personal information.
If you found this article helpful, please SHARE to protect your family and friends!