Cybercriminals are using SMS messages to pose as UK delivery services, such as ‘Royal Mail’ to collect personal details.

The SMS messages appear unsuspecting, giving victims an update about the parcel that they have ordered. However, the deceitful link redirects users to download a malicious app onto their smartphones. This App contains spyware which, if installed, can steal your banking details, passwords, and other sensitive information contained on your Smartphone and send it to Cyberattackers. The software will also use your device to send the messages to your contacts, further spreading the malware.

 If you receive messages like these, here’s some tips to help:

• Are you expecting a delivery? If you aren’t then you know it is a phishing attempt, ignore the message.
• If you are expecting a delivery, is the message from the expected courier? If it is not then you know it is a phishing attempt, ignore the message.
• If you are expecting a delivery and the message is from the correct courier, check the link is a genuine URL from the delivery provider. You can do this by checking the courier’s website URL matches the one on your text message. If the link is not genuine, you know it is a phishing attempt, ignore the message.

For total peace of mind, we recommend not clicking links from text messages or emails and going to the official website of the company to track your order.

See below for two examples: