By Harry Pettit, Senior Digital Technology and Science Reporter | The Sun
BRITS are reporting that they’ve been the target of a convincing scam message purporting to be from Royal Mail.
Cyber criminals are using the fake texts to trick victims into handing over their card details in a bid to fleece them ahead of Christmas.
A number of people have taken to social media to report the scam campaign – which lures you in with the offer of a free iPhone – to Royal Mail.
Screenshots posted to Twitter show a text message from a sender titled “RoyalMail”.
The SMS reads: “There is an item waiting to be confirmed. You took one of the spots on our Currys’ XMAS-list.”
A link included in the text takes you to a website emblazoned with the Currys/PC World logo.
It invites visitors to plug in a few personal details before an alert pops up which reads: “Approved. Your selected iPhone 11 Pro will be delivered within 5 working days.
“Please confirm your delivery address and pay a small fee (£2.00) for insured shipping.”
Users are then invited to click a second link which takes them to a page where they’re encouraged to enter their bank account details.
The website, called “winanticipation”, claims the information will be used to charge you a small shipping fee for your “iPhone”.
Dozens of people have reported the scam on social media since December 12.
One person wrote on Twitter: “Hi there @RoyalMail I received the below text from you today- is it a scam? If I follow it through it goes to a @curryspcworld prize!”
Another tweeted: “@RoyalMailHelp, is this some sort of new scam or a new feature you guys have introduced?
“It’s not the first thing I’ve gotten a text like this from an alleged Royal Mail number.”
Royal Mail confirmed on Twitter that it was “aware of the SMS and is currently investigating”.
The company added that further information on scams and how to report them can be found on its website.
The Sun has reached out to Royal Mail for comment.
Experts said the SMS messages represented a type of phishing scam in which fraudsters trick you into handing over your bank details.
What is phishing?
|Here’s what you need to know…|
Peter Draper, technical director at cyber security firm Gurucul, told The Sun: “This is just another version of a phishing scam but using text instead of email.
“The goal appears to be information gathering and, without a doubt, to obtain people’s full payment card details.
“If the recipient provides their card details and CVV, then the bad actor has what they need. They can then use to either spend on the card or, better still, sell the details to multiple bad actors.
“In the worst case scenario the details can be used to steal an identity and apply for credit etc.”
Expert Javvad Malik, of security awareness firm KnowBe4, warned people not to click on links sent in text messages.
“The simple reminder for people is that if it looks too good to be true, it usually is,” Javvad told The Sun.
“It’s highly unlikely a company will give away such a valuable item without even having entered a draw or competition.
“People should resist clicking unsolicited links in emails and SMS, and if they do click and go to a site, they should definitely not enter any personal or financial information.
“If in doubt, people should directly contact the company the communication claims to have originated from and verify if it is a genuine communication.”
Cyber security researchers recently warned of an Instagram scam that let hackers hijack your account.
Netflix users were notified in January of a sophisticated scam that stole your account and rinsed your bank account.
Speaking of bank accounts, this sneaky Google Chrome scam that fakes your favourite websites could leave you cashless this Christmas.
Have you spotted any scams lately? If so, let us know in the comments!