These days with COVID lockdowns, almost everyone is ordering something online. The Catch 22 – home delivery SMS scams are skyrocketing.
I get about 15 per day telling me that I need to click a link to track a parcel; or stop it from being returned to sender; or confirm someone will be home. The problem is that even if they appear to come from Australia Post, it is invariably AusPo.st, Starttrack, or DH.LCom or some other weird web address.
Do not click –delete these scam emails. All they do is load malware like Flubot or make you download a dodgy app to control your smartphone.
According to the ACCC ScamWatch site, over $192,684,367 has been scammed in 19,991 reports to the site. That is about $1000 for each report. While most are investment and dating scams, the online shopping category is now the fifth-largest category, and text messages are the critical scam delivery vector.
Why are you getting SMS scams at all?
Simple – scammers use a sequential number generator starting from 0400 000 000 (Australia’s starting bracket) and auto sends via a cheap and easily obtainable bulk 4G SMS broadcast box that can generate up to 230K messages per hour. It hooks up to software that spoofs sending numbers and records successful transmission and opening.
Scammers also sell the cleaned lists of deliveries and openings for a pretty price too. The list can be reverse lookup to get EMEI numbers, phone model and location. Eventually, the list of active SMS numbers becomes manageable and is gold to scammers.
SMS scam variants
Once this current delivery scam is over, cybercriminals will move on to other scams. Expect to see Black Friday scams, Xmas scams, event-related scams (Easter, Mothers Day, Father’s Day) and even birthday scams where your DOB is part of the message stream.