A scam that involves a fake chatbot is doing the rounds asking victims for sensitive information including payment details, addresses, and full names. The scam originates from a phishing email that tells the victim they can track a parcel using a link within the email. Upon clicking this link, victims are taken to a malicious parcel tracking page (which looks just like a legitimate parcel tracking site) with plausible information such as a tracking number. A chatbot then appears and asks for the victim’s details.
Scams posing as delivery companies have been getting ever more popular over the past few years and this was expedited with COVID due to many people buying supplies online during the lockdown. Although the scams are relatively simple, they have been getting more convincing with things like “Smishing” where the “delivery company” sends the victim a text with a link saying they can track their parcel here. These scams can be very effective as not many people are aware you can be phished with text messages.
In an official statement, Royal Mail commented “under no circumstances ask you to send your account details or password via e-mail” and “We will never send an email asking for credit card numbers or other personal or confidential information.” You can read the full publishing here. It’s best practice to know how to spot phishing emails, attackers will often use authority, urgency, emotion, and current events to entice you into giving them what they want. If you have any doubts about an email being legitimate, the best thing to do is to reach out to the company/person separately, phone the person using a number you know is correct, reach out to the company using their official support number and confirm the email is legitimate that way.
You can also make yourself a harder target for phishing attacks. Scammers use publicly available information about you to build up a knowledge of you to better target the emails. You can tackle this by upping your social media privacy settings to be stricter and restricting who can see your information.
Cyber Wise recommends that you report any emails you suspect as phishing to your IT team, if they confirm it as a phishing attempt you can then report it to NCSC’s phishing service by forwarding the email to Report@phishing.gov.uk For scam texts you can report those by forwarding the text to 7726. This will report the text to your provider for them to investigate.
