Delivery scams become most common form of smishing
Cyber security provider Proofpoint finds a major increase in the number of threat actors impersonating postal services
Parcel and package delivery scams now constitute more than half of all reported text phishing, or 'smishing', attempts in the UK, as remote working increases consumers’ and businesses’ reliance on postal services.
That's according to new data published by trade association UK Finance, with the findings attributed to cyber security provider Proofpoint.
The company found that, between 15 April and 14 July 2021, 53.2% of all reported scam text messages were sent by threat actors posing as postal delivery firms.
Data collected by Proofpoint also shows that the trend of impersonating postal services such as the Royal Mail is on the rise. Between 14 June and 14 July, parcel and package delivery scams constituted 67.4% of all smishing attempts.
By contrast, impersonating financial services and banks is becoming less prevalent, falling from 36.8% between 15 April and 14 July to only 22.6% for the 30-day period up to mid-July.
According to Sarah Lyons, NCSC deputy director for Economy & Society, Proofpoint’s findings prove that scammers choose to “regularly exploit well-known, trusted brands for their own personal gain” and that these messages “can be very hard to spot”.
How to reduce the risk of phishing and ransomware
Top security concerns and tips for mitigationFree download
“If you think you've already responded to a scam, don't panic. Whether you were contacted by text message, email or phone, there's lots you can do to limit any harm,” she said, adding that people should forward scam messages to to 7726 as well as visit www.cyberaware.gov.uk “for more information on how to protect your online accounts and devices”.
McAfee VP Antony Demetriades told IT Pro that Proofpoint’s findings are symptomatic of the mass shift to remote working:
“Following nearly 18 months of lockdowns, working from home, and store closures, it’s not surprising that we’ve seen an increase in online criminals tapping into consumer online shopping habits with fake parcel delivery scams.
"Scams and fraudulent emails and texts are a common tactic used by online criminals, as it enables them to target a large number of consumers with the same text or email, with the aim of gathering personal information. These fake parcel delivery scam messages can trick consumers into visiting malicious websites that can be used to install malware or steal personal or financial information and passwords,” he said, adding that “it's also important to remember that official organisations will never ask for personal or financial information via text, phone or email”.
“If you witness this, it’s always best to contact the organisation directly or report it to Action Fraud online at actionfraud.police.uk or by calling 0300 123 2040,” he said.
Accelerating AI modernisation with data infrastructure
Generate business value from your AI initiativesFree Download
Recommendations for managing AI risks
Integrate your external AI tool findings into your broader security programsFree Download
Modernise your legacy databases in the cloud
An introduction to cloud databasesFree Download
Powering through to innovation
IT agility drive digital transformationFree Download