NCSC warns of 'Fake missed parcel' scam

The National Cyber Security Centre has issued new guidance on how to deal with the growth of 'Fake missed parcel' scams which have been sweeping the UK.

The National Cyber Security Centre has issued new advice on how to deal with the epidemic of 'Fake missed parcel' scams that have been plaguing the UK.

Cybercriminals are encouraging UK citizens to download a malicious app by sending convincing-looking 'missed parcel' text messages. The messages contain links to an ‘official’ delivery or parcel tracking app.

The app is not as innocent or helpful as it may seem: it is malicious and contains spyware. If installed, it can steal your banking details, passwords, and other sensitive information. The app also accesses your contacts and sends them to the criminals, and it sends additional text messages from your device to other people's contacts, spreading itself further.

This guidance explains:

An NCSC spokesman said: "These spyware apps are technically known as ‘banking trojans’. Currently, the two most common are called FluBot and Anatsa.

"The scam works by impersonating the apps and messages of legitimate organisations, so people believe they are installing ‘official’ apps. As we described above, the malicious app is designed to steal passwords and other sensitive data. These apps have even led to the theft of money from bank accounts."

The NCSC states the following steps should be taken immediately if you think you may have been a victim of this scam.

1. Perform a factory reset as soon as possible.

  • The process for doing this will vary based on the device manufacturer, so refer to the NCSC’s second-hand devices guidance for details.
  • Note that if you don’t have backups enabled, you will lose data.
  • Note you may need to enter a password when you reset your device (make sure you change this password).

2. When you set up the device after the reset, it may ask you if you want to restore from a backup.

  • Do not restore any backups created after you downloaded the app, as they will also be infected.
  • Also, keep in mind that automatic backups are made every 24 hours if you’re connected to Wi-Fi.

3. Change your account password.

If you have logged in to any accounts or apps using a password since downloading the app, you must change that account password.

4. Change any passwords on other accounts if necessary.

If you have used these same passwords for any other accounts, then these also need to be changed.

5. How to safely check for missed parcels

If you’re expecting a delivery and you receive a ‘missed parcel’ message:

  1. Do not click the link.
  2. Use the official websites of delivery companies to track your parcel. We've listed the official websites of major delivery companies below.

6. Reporting suspicious-looking messages

If you receive a ‘missed parcel’ message that looks suspicious:

  • Do not click the link in the message, and do not install any apps if prompted.
  • Forward the message to 7726, a free spam-reporting service provided by phone operators. If you are not sure how to forward a text message from your particular device, search online for instructions.
  • Delete the message.

For more guidance on dealing with suspicious messages, refer to our separate guidance.

7. How to protect yourself from future scams

  1. Back up your device to ensure you don’t lose important information like photos and documents. The Cyber Aware guidance explains how to do this.
  2. Only install apps from official ‘App’ stores. For example, most Android devices use Google’s Play Store. Some manufacturers, such as Huawei, provide their own app store.
  3. For Android devices, make sure that Google’s Play Protect service is enabled if your device supports it. Some Huawei devices provide a similar tool to scan devices for viruses. This will ensure that any malware on your device can be detected and removed.