“Your package is here!”.
We remember. A few months ago, this announcement via SMS was a trap that sprung as soon as the specified link address was clicked. Malware was installed in the background, which, in the worst case scenario, would target the recipient's bank account details. A1 revealed in December 2021 that this is the extremely dangerous malware “FluBot”, which “can infect the smartphone very quickly by clicking on the link or opening the message.”

“In the worst case, the Trojan unnoticed sends thousands of SMS messages from your device to all contacts (and infects them too) or tries to get bank and credit card details.”

Source: A1

Such SMS is a form of “smishing”. Some are aiming to spread malicious apps that read data and send masses of SMS to saved contacts, as A1 and t-online explain:

“With “smishing” – a combination of SMS and phishing – you receive an SMS with a link.
(…) If you click on the link in the text messages, you are directed to dubious websites where you are supposed to download apps - often for alleged package tracking. In fact, it is malware that triggers the mass sending of SMS to all contacts and other numbers stored in the cell phone. This is only possible with cell phones with the Android operating system; with Apple, software downloads from unknown sources are not possible.”

Source: t-online

The purchased gift

Now a new scam is circulating and once again it's about getting users' data. This time the fraudsters are luring people with “purchased gifts”. In this case, too, it is an SMS with a damaged link – a “smishing”. While some of the package announcements were already written in poor German, these fraudulent SMS messages are already revealed by their sometimes confusing wording.

SMS - Smishing message / screenshot: Techbook
SMS – Smishing message / screenshot: Techbook

“Your purchased gift has been delivered to the specified location, please pick it up,” the text message reads. A link can be found underneath. This refers to a dynamic DNS service that makes it very easy to set up websites that, as in this case, deceive the user. Under no circumstances may email addresses and other personal data be disclosed.

If you're wondering why the fraudsters actually got the number, the contact details could have been collected in a hacked forum with a data leak or on social media. One of the personal contacts has already become a victim. Or you were contacted during automatic number generation. So be careful who you give your personal information to.

How can you protect yourself against fraudulent SMS?

The message is usually written in bad German and should make the recipient sit up and take notice.
There is no personal salutation with name. What you can do: Mark the SMS as spam and block the sender. Never click on such links. What to do once you click on the link?

Telekom , first put your phone in flight mode.
This interrupts contact with the control of the malware. Now manually back up images, information and contacts that you urgently want to keep. Then reset your phone to factory settings. This also removes the malware. Preventatively on Android smartphones: Deactivate the setting 'Allow software installation from unknown source/origin'."

A1 also recommends changing all access data to payment apps and online shops from another device. Account movements should also be closely monitored in the coming weeks.

You might also be interested in: Warning from Sparkasse about phishing SMS “pushTAN 2.0”

Sources: A1 , Telekom , t-online , Techbook , futurezone.de


If you enjoyed this post and value the importance of well-founded information, become part of the exclusive Mimikama Club! Support our work and help us promote awareness and combat misinformation. As a club member you receive:

📬 Special Weekly Newsletter: Get exclusive content straight to your inbox.
🎥 Exclusive video* “Fact Checker Basic Course”: Learn from Andre Wolf how to recognize and combat misinformation.
📅 Early access to in-depth articles and fact checks: always be one step ahead.
📄 Bonus articles, just for you: Discover content you won't find anywhere else.
📝 Participation in webinars and workshops : Join us live or watch the recordings.
✔️ Quality exchange: Discuss safely in our comment function without trolls and bots.

Join us and become part of a community that stands for truth and clarity. Together we can make the world a little better!

* In this special course, Andre Wolf will teach you how to recognize and effectively combat misinformation. After completing the video, you have the opportunity to join our research team and actively participate in the education - an opportunity that is exclusively reserved for our club members!


Notes:
1) This content reflects the current state of affairs at the time of publication. The reproduction of individual images, screenshots, embeds or video sequences serves to discuss the topic. 2) Individual contributions were created through the use of machine assistance and were carefully checked by the Mimikama editorial team before publication. ( Reason )