Parcel and package delivery scams are the most prevalent type of ‘smishing’ text messages, according to new data provided to UK Finance by cybersecurity company Proofpoint.
Proofpoint operates the 7726 text message system on behalf of mobile phone operators, which allows customers to report suspicious texts. The numbers 7726 on a keypad spell out the word ‘SPAM’.
Smishing is a technique that criminals use to target consumers with texts impersonating trusted organisations. These text messages often contain a link to a fraudulent website that replicates a legitimate site, asking the victim to enter personal and financial information.
Each year within the UK, Proofpoint receives millions of text messages reported as spam and the data shown in the table below covers those categorised as smishing for the 30 and 90-day periods to mid-July.
This shows that over the longer 90-day period, the number of scam texts pretending to be from a delivery firm represented more than half of all smishing attempts, with those pretending to be from a bank or other financial institution representing around a third.
During the recent 30-day period however, the proportion of delivery scam texts has increased significantly and represents three times the number of those pretending to be from a bank.
| 30 days | 90 days | |
| Parcel and Package Delivery | 67.4% | 53.2% |
| Financial Institutions and Banks | 22.6% | 36.8% |
| Other smishing attacks | 9.6% | 8.9% |
| Government Entities | 0.4% | 1.1% |
Source: Proofpoint data showing the top identified UK-based smishing campaigns by group as of 14 July 2021
Malicious texts are often part of a wider scam. If someone clicks on a link and provides information, they may then get a phone call from someone claiming to be from their bank. Exploiting the personal and financial information provided in the text message, the person offers to help safeguard funds by trying to convince someone to transfer money into a “safe account”, which is in fact an account run by the same criminal that sent the original text message.
Reports to the 7726 system are being used by the National Cyber Security Centre (NCSC) to take down fraudulent website URLs and prevent further fraud losses.
Katy Worobec, Managing Director of Economic Crime at UK Finance, said:
“Criminals are experts at impersonating a range of organisations and have capitalised on the pandemic, knowing that many of us will be ordering goods online and awaiting parcel deliveries at home.
“We are urging people to follow the advice of the Take Five to Stop Fraud campaign and to always stop and think whenever you get a text message out of the blue before parting with your information or money. Always avoid clicking on links in a text message in case it’s a scam and forward any suspected scam text messages to 7726, which spells SPAM on your telephone keypad, so that the criminals responsible can be brought to justice.”
Sarah Lyons, NCSC Deputy Director for Economy & Society, said:
“Scammers and cyber criminals regularly exploit well-known, trusted brands for their own personal gain, and sadly these latest findings bear that out.
“We would encourage people to be vigilant to any suspicious-looking text messages, which should be forwarded to 7726.
“However, these scam messages can be very hard to spot, so if you think you’ve already responded to a scam, don’t panic. Whether you were contacted by text message, email or phone, there’s lots you can do to limit any harm. Visit www.cyberaware.gov.uk for more information on how to protect your online accounts and devices.”
Lindsey Fussell, Network and Communications Group Director at Ofcom, said:
“Criminals who defraud people using scam texts can cause huge distress and financial harm. These scams are becoming more sophisticated and can be very convincing. So if you receive a suspicious text or something doesn’t look right, do not click on any links and report it to 7726.”
Take Five to Stop Fraud urges people to remember the Stop, Challenge, Protect behaviours and to recognise that criminals are experts at impersonating people, organisations and the police.
The advice is to:
- Remember that criminals will send out smishing text messages with links leading to fake websites used to steal personal and financial information. These text messages may appear to be from trusted organisations and may use official branding to convince you they’re genuine. Always access websites by typing them into the web browser and avoid clicking on links in texts.
- Remain vigilant and check delivery notifications very carefully to ensure they are genuine. Text messages may look very similar to those that are genuine but may use generic greetings, such as Dear Sir/Madam, or include spelling errors.
- Always question claims that you are due goods or services that you haven’t ordered or are unaware of, especially if you have to pay any fees upfront.
- Customers can report suspected scam texts to their mobile network provider by forwarding them to 7726 which spells ‘SPAM’ on your telephone keypad.
