So-called smishing involves sending fake SMS messages designed to persuade recipients to access a malicious link. Fraudsters use the fact that many people are waiting for the parcel service to carry out this perfidious scam.

What is smishing?

Smishing is a creation of the terms SMS (short messages) and phishing (theft of access data via fake messages or emails).

Fake SMS with phishing link

The scam always follows the same pattern: The scammers send an SMS asking you to click on a link . In a common scam, they take advantage of the high demand in mail order and online trading and, for example, fake unpaid fees or problems with the delivery of a package: Many people are actually expecting a package and so they follow the request in the SMS.

The links usually lead to phishing sites where recipients are asked to enter, for example, personal data to confirm the shipment (problems with the delivery of the package) or payment or account details (allegedly unpaid customs/postage fees).

In other cases, when the link is accessed, malware is installed on the smartphone, for example with the aim of reading or manipulating further data on the device (e.g. banking apps).

Cyber ​​criminals can then use the data entered for identity theft, sending spam or other phishing campaigns.

The police warn: Do not tap on the link under any circumstances!

Further information can also be found on the website of the Federal Office for Information Security (BSI) .

What can I do if I receive such a text message?

  • Whatever you do, don't tap on the link!
  • Delete the message and block the sender number.
  • If your phone asks whether you want to install an app, do not confirm under any circumstances.

How do I protect myself from smishing?

The easiest way to protect yourself from such attacks is to ignore the text message and not respond to it - this way the message cannot cause any damage.

The police also advise:

  • third-party block through your mobile provider .
  • Block “Apps from unknown sources” in the app or Play store.
  • Install antivirus software.
  • Check the status of an expected shipment in the shipment tracking of the respective transport provider using the shipment number provided to you by the online shop operator.
  • Be suspicious: Especially with so-called short links, as the actual target of the link is no longer recognizable.

What can I do if a malicious app has already been installed?

  • Switch your cell phone to airplane mode so that it cannot receive external commands or send text messages.
  • Call your mobile operator and inform them of the problem. Be sure to ask whether costs have already been incurred.
  • Get a third-party block set up immediately.
  • You should then reset your smartphone to factory settings . This will delete all apps and data that were not present when you purchased the phone.
  • Change all passwords, including enabling two-factor authentication on all accounts that support it.
  • If you have already submitted personal data and/or payment data or if your device has been infected with malware, please report it.
  • Also contact the bank whose payment details you provided.

Source: polizei-beratung.de

Further links: Recognizing phishing emails , phishing checklist (PDF)

Already read? Safeword among family and friends
Sign up for the Mimikama newsletter

Notes:
1) This content reflects the current state of affairs at the time of publication. The reproduction of individual images, screenshots, embeds or video sequences serves to discuss the topic. 2) Individual contributions were created through the use of machine assistance and were carefully checked by the Mimikama editorial team before publication. ( Reason )