By tapping on a link in the SMS package, the cell phone owner unintentionally downloads malware that allows fraudsters to gain access to the cell phone and send paid SMS messages. In addition, the fraudulent SMS messages are forwarded to the contacts of the cell phone owner.

Information: This is smishing. Smishing is a combination of the words SMS and phishing. In this type of cybercrime, the victim receives a fake SMS that contains a link that redirects the user to a website. This form is already known from so-called phishing emails. Sensitive data is then requested on this website or malware is installed.

The link in the fake package SMS poses a danger to users of Android smartphones - and only if you manually install the offered app file (APK) on your smartphone . The link leads to a website that does not contain package notifications - but an "APK file". An APK file is a program file for an Android app.

The current news is the following or similar ones:

MIMIKAMA
Screenshot of the fake package SMS that reads: “Your package has been delivered. Please review and accept it in time.”
Screenshot of the fake package SMS that reads: “Your package has been sent. Please review and accept it.”
Screenshot of the fake package SMS that reads: “Your package has been sent. Please review and accept it.”

Opening the SMS itself does not pose any danger, but if the APK file is installed, it can, for example, forward all received SMS. This allows the perpetrators to obtain, among other things, security codes for logging into accounts and websites. The app also enables complete remote control of the cell phone. This in turn can be used to access your bank account, place orders in online portals or click on advertising and other malicious links on visited websites.

What should you pay attention to now?

In this case, iPhone users are safe from such an APK file because iPhones do not allow app installation outside of the App Store. However, things are different for Android users, but Android users are not completely helpless either.

In order for the virus to be installed on the cell phone, several circumstances must occur at the same time:

  1. The recipient of the fake package SMS must first tap the link and access the address in their browser.
  2. Behind the address there is a website that offers an APK file and provides information on how to install it.
  3. To do this, the manual installation of apps from other sources must be activated on the cell phone (sideloading).
  4. At the end, the recipient must expressly agree to the installation of this APK file.
MIMIKAMA
Screenshot of the APK file

Note: If you ever receive a real package notification via SMS, you will have to download an APK file separately (we do not know this yet). Normally you will be redirected to the website of the respective delivery service.

So: If you receive a text message like this, don't tap on the link. If you have typed anyway, then you will not allow the APK file to be installed!

Our tips for you

  • Under no circumstances should you click on links that you receive unexpectedly or from strangers.
  • It is possible to set up a third-party block with your mobile phone provider. This block prevents payments via the mobile phone bill to third parties,
  • Do not confirm the installation of third-party apps and deactivate the automatic installation of apps in your cell phone's settings.
  • Make backups regularly.

If you have already downloaded the malware, follow these steps:

  • Switch your smartphone to airplane mode,
  • Inform your provider
  • In Safe Mode, try uninstalling the unwanted app
  • Check the possibility of resetting the smartphone to its factory state without losing important data.

How do you recognize scam SMS?

Unfortunately, there is no magic formula for identifying fraudulent SMS messages. In general, it is advisable to be suspicious and pay attention to whether the SMS text has any anomalies, such as strange URLs, spelling errors or special characters in inappropriate places in the text, etc. These can be indications that something is wrong. If you have the slightest doubt as to whether a parcel notification is legitimate, there are other options: Check your current orders online from the mail order companies and only use the postal service providers' tracking apps offered via the official app stores.

More articles on this topic can be found HERE .

Also read: “Smishing” – SMS phishing with new scams

Sign up for the Mimikama newsletter

Notes:
1) This content reflects the current state of affairs at the time of publication. The reproduction of individual images, screenshots, embeds or video sequences serves to discuss the topic. 2) Individual contributions were created through the use of machine assistance and were carefully checked by the Mimikama editorial team before publication. ( Reason )