Police warn of fake package notifications via SMS and e-mail
The police already warned in January 2021 that a very aggressive scam is currently being used by criminals: You will receive a package notification with a link via SMS. Under the link you should supposedly be able to follow the shipment. I have also been bombed with it, so I can confirm this. If you now click on the link, malware should be shoveled onto your smartphone. We are picking up the topic again here in the blog because of the current situation: Because the leak on Facebook seems to exacerbate this phishing attack.
Small note: Not only SMS, but also e-mails are currently circulating more and more and want to lure you to a supposed link for shipment tracking. I have already received this several times. The game is dangerous because, of course, a lot is currently being ordered because of the Corona crisis. So many users will actually expect packages. It can easily happen that the link is clicked carelessly.
The link above is perhaps still relatively easy to identify as harmful. Often, however, the criminals also use URL shorteners or less obvious fake links. Malicious software such as MoqHao should then be shoveled onto your smartphone, which itself can send SMS and MMS. This should also "serve" your contacts. The malware should also be used to spy on and remotely control your device. The latter could end up in a botnet. It can even happen that your Google account is stolen, as this could bypass the two-factor authentication.
Incidentally, the texts that you receive via SMS are also diverse. Sometimes there is talk of “Your parcel arrives, follow it here”, then it says “The parcel has been delivered” or even a personal address is given with the first and last name, if this data is already available. Either way, of course, you should definitely not click on the links. If you receive such a text message from a contact, it will inform them of the danger and possible compromise of their device.
If you have accidentally clicked on the link, then of course do not install the apps for sale there. Here you are safer on Android if you have blocked the installation from unknown sources, which is the default setting. Apple users should also be careful, because anyone with an older iOS version can be unlucky. The criminals take advantage of a security hole in WebKit. It is important that you update to iOS 14.4.2 from March 26th, 2021 here.
Have you fallen in? Switch your smartphone to flight mode, inform your provider and, if you haven't already done so, set up a third-party lock. The police also recommend filing a complaint. The best thing to do is to take your infected smartphone with you to the local office. Resetting the respective smartphone to the delivery state can also be a way to get rid of the problems.
I have already received corresponding SMS and e-mails myself, but luckily not in bulk. Since it struck me as directly Spanish, I deleted the messages immediately. Have you already been the target of this scam?