Are you expecting to receive a package? Did you receive an SMS or email from a delivery service? Attention scams and scams!
The parcel scam was a hit during the summer! Be careful, because In its most classic version, this scam operates as follows: After an exchange, a chatbot risks extracting sensitive data from you in two clicks on your smartphone! Thousands of French people have already been victims, and it continues!
A scam that does not date from today
– The Parisian (@le_Parisian) September 2, 2022
Attention ! Lparcel scam spread like wildfire. The government is alerting French people to the increase in the number of false SMS or emails announcing the delivery of a package.
This is a modus operandi that does not date from yesterday, but has been going on for several years. She invites potential victims to click on a link to receive this package that does not exist. But this time, the scammers aim to make a massacre on the phone of future victims.
“Your package has been sent”: what you need to know about this SMS scam pic.twitter.com/ttkyDB4VZA
— BFMTV (@BFMTV) August 2, 2022
« It is a process that had exploded during the second confinement, with the boom in deliveries and which returns episodically during the sales period.“, explained Jean-Jacques Latour, expertise manager at Cybermalveillancethe national victim assistance system.
Experts have seen this scam bounce back this summer. ” We saw a increase in the phenomenon arriving at the end of June, we said to ourselves that there was a problem, because people have normally been sensitized for several years. Usually, we have less than ten requests for assistance on this subject per day. At the end of June, we had peaks with about twenty and thirty daily calls for help“, confided Jean-Jacques Latour.
An evolution of the device
#Scam | ⚠️ FALSE campaign #SMS delivery of #package In progress
❌ Do not click because you risk infecting your #telephone and have your accounts hacked!
➕ d’infos 👉 https://t.co/A7e8noszwI pic.twitter.com/gkYtjjFnHm
— Prefet you were (@Prefet83) September 3, 2022
It was at the end of July, with the arrival of the telephone bills, that the extent of the damage made its appearance. These text messages were sent to millions of people.
Cybercriminals have evolved their device. This is no longer about classic phishing, pushing to pay to receive his package. Indeed, the new scam consists in recovering all the data of the phone and using this same phone to spread the virus.
One scam for Android, another for iOS
Quentin Bourgue, Cybersecurity Engineer at Sekoia, had himself received an SMS inviting him to click on a link at the beginning of the summer… So, the latter decided to investigate the matter. ” What happens is that we arrive on a site that has different behaviors depending on our situation. It’s an error page if you’re not in France, it discreetly installs malware (invisible and sneaky software) under the pretext of an update on Android. On iOS, it offers a fake identification form on Apple ID. he explained.
Note that Quentin Bourge specializes in cybersecurity. His employer, SEKOIA.IO is a European cybersecurity publisher whose mission is to develop the best protection capabilities against cyber attacks.
Either way, this scam needs to come to a result. This involves stealing passwords, banking information, contacts, installed applications and calls made…
It is from an Android that the scam is the most cynical. Indeed, through an Android, it aims to install, in two clicks and without seeing anything, a fake application, which uses the codes of the Google Chrome browser. Also, the scam asks for permissions.
As far as iOS is concerned, all the information stored on Apple ID is stolen. Reselling this information at exorbitant prices is the goal of these scams.
The government is alerting us!
Government website article, regarding this threat is the second most read site cybermalveillance.gouv. ” Currently, 200 people come to read these precautions every day“, revealed Jean-Jacques Latour. Sekoia estimated that 70,000 French people had clicked on the link and/or downloaded the malware without their knowledge. But ” every week this number increases“says the engineer. And add ” This visible part of the scam appeals to consumers. We must consider that their phone and all their accounts are compromised. Changing the SIM card does not help. Hacking into mailboxes, recovering identifiers, taking out consumer credit… People can have more trouble afterwards, overbilling is only the tip of the iceberg. Online hacker stole all your data, it’s a ticking time bomb“, he warns.