Delivery scams become most common form of smishing

Cyber security provider Proofpoint finds a major increase in the number of threat actors impersonating postal services

Parcel and package delivery scams now constitute more than half of all reported text phishing, or 'smishing', attempts in the UK, as remote working increases consumers’ and businesses’ reliance on postal services.

That's according to new data published by trade association UK Finance, with the findings attributed to cyber security provider Proofpoint.

The company found that, between 15 April and 14 July 2021, 53.2% of all reported scam text messages were sent by threat actors posing as postal delivery firms.

Data collected by Proofpoint also shows that the trend of impersonating postal services such as the Royal Mail is on the rise. Between 14 June and 14 July, parcel and package delivery scams constituted 67.4% of all smishing attempts.

By contrast, impersonating financial services and banks is becoming less prevalent, falling from 36.8% between 15 April and 14 July to only 22.6% for the 30-day period up to mid-July.

According to Sarah Lyons, NCSC deputy director for Economy & Society, Proofpoint’s findings prove that scammers choose to “regularly exploit well-known, trusted brands for their own personal gain” and that these messages “can be very hard to spot”. 

Related Resource

How to reduce the risk of phishing and ransomware

Top security concerns and tips for mitigation

Large letter 'O' against a background of a city - whitepaper from MimecastFree download

“If you think you've already responded to a scam, don't panic. Whether you were contacted by text message, email or phone, there's lots you can do to limit any harm,” she said, adding that people should forward scam messages to to 7726 as well as visit www.cyberaware.gov.uk “for more information on how to protect your online accounts and devices”.

McAfee VP Antony Demetriades told IT Pro that Proofpoint’s findings are symptomatic of the mass shift to remote working:

“Following nearly 18 months of lockdowns, working from home, and store closures, it’s not surprising that we’ve seen an increase in online criminals tapping into consumer online shopping habits with fake parcel delivery scams.

"Scams and fraudulent emails and texts are a common tactic used by online criminals, as it enables them to target a large number of consumers with the same text or email, with the aim of gathering personal information. These fake parcel delivery scam messages can trick consumers into visiting malicious websites that can be used to install malware or steal personal or financial information and passwords,” he said, adding that “it's also important to remember that official organisations will never ask for personal or financial information via text, phone or email”. 

“If you witness this, it’s always best to contact the organisation directly or report it to Action Fraud online at actionfraud.police.uk or by calling 0300 123 2040,” he said.

Featured Resources

How virtual desktop infrastructure enables digital transformation

Challenges and benefits of VDI

Free download

The Okta digital trust index

Exploring the human edge of trust

Free download

Optimising workload placement in your hybrid cloud

Deliver increased IT agility with the cloud

Free Download

Modernise endpoint protection and leave your legacy challenges behind

The risk of keeping your legacy endpoint security tools

Download now

Recommended

Russia's "politically motivated" REvil raid could be used as leverage, experts warn
ransomware

Russia's "politically motivated" REvil raid could be used as leverage, experts warn

17 Jan 2022
Meta files lawsuit to uncover hackers targeting Facebook, WhatsApp
phishing

Meta files lawsuit to uncover hackers targeting Facebook, WhatsApp

21 Dec 2021
Five things to consider before choosing an MFA solution
Security

Five things to consider before choosing an MFA solution

17 Dec 2021
Australia and US sign CLOUD Act data-sharing deal to support criminal investigations
cyber crime

Australia and US sign CLOUD Act data-sharing deal to support criminal investigations

16 Dec 2021

Most Popular

How to move Microsoft's Windows 11 from a hard drive to an SSD
Microsoft Windows

How to move Microsoft's Windows 11 from a hard drive to an SSD

4 Jan 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

6 Jan 2022
Microsoft Exchange servers break thanks to 'Y2K22' bug
email delivery

Microsoft Exchange servers break thanks to 'Y2K22' bug

4 Jan 2022