NCSC warns of 'Fake missed parcel' scam

The National Cyber Security Centre has issued new guidance on how to deal with the growth of 'Fake missed parcel' scams which have been sweeping the UK.

The National Cyber Security Centre has issued new advice on how to deal with the epidemic of 'Fake missed parcel' scams that have been plaguing the UK.

Cybercriminals are encouraging UK citizens into downloading a malicious app by sending convincing-looking 'missed parcel' text messages. The messages contain links to an ‘official’ delivery or parcel tracking app.

The app is not as innocent or helpful as it may seem and in fact, is malicious and contains spyware. If installed, it can possibly steal your banking details, passwords, and other sensitive information. The app also accesses your contacts and sends them to the criminals, and sends additional text messages from your device to other people's contacts, further spreading itself.

This guidance explains:

An NCSC spokesman said: "These spyware apps are technically known as ‘banking trojans’. Currently, the two most common are called FluBot and Anatsa.

"The scam works by impersonating the apps and messages of legitimate organisations, so people believe they are installing ‘official’ apps. As we described above, the malicious app is designed to steal passwords and other sensitive data. These apps have even led to the theft of money from bank accounts."

The NCSC states the following steps should be taken immediately if you think you may have been a victim of this scam.

1.Perform a factory reset as soon as possible.

  • The process for doing this will vary based on the device manufacturer, so refer to the NCSC’s second-hand devices guidance for details.
  • Note that if you don’t have backups enabled, you will lose data.
  • Note you may need to enter a password when you reset your device (make sure you change this password).

2. When you set up the device after the reset, it may ask you if you want to restore from a backup.

  • Do not restore any backups created after you downloaded the app, as they will also be infected.
  • Also, keep in mind that automatic backups are made every 24 hours if you’re connected to Wi-Fi.

3Change your account password.

If you have logged in to any accounts or apps using a password since downloading the app, you must change that account password.

4. Change any passwords on other accounts if necessary.

If you have used these same passwords for any other accounts, then these also need to be changed.

5.How to safely check for missed parcels

If you’re expecting a delivery and you receive a ‘missed parcel’ message:

  1. Do not click the link.
  2. Use the official websites of delivery companies to track your parcel. We've listed the official websites of major delivery companies below.

6. Reporting suspicious-looking messages

If you receive a ‘missed parcel’ message that looks suspicious:

  • Do not click the link in the message, and do not install any apps if prompted.
  • Forward the message to 7726, a free spam-reporting service provided by phone operators. If you are not sure how to forward a text message from your particular device, search online for instructions.
  • Delete the message.

For more guidance on dealing with suspicious messages, refer to our separate guidance.

7. How to protect yourself from future scams

  1. Back up your device to ensure you don’t lose important information like photos and documents. The Cyber Aware guidance explains how to do this.
  2. Only install apps from official ‘App’ stores. For example, most Android devices use Google’s Play Store. Some manufacturers, such as Huawei, provide their own app store.
  3. For Android devices, make sure that Google’s Play Protect service is enabled if your device supports it. Some Huawei devices provide a similar tool to scan devices for viruses. This will ensure that any malware on your device can be detected and removed.

Featured Articles

How secure is sensitive data stored in the cloud?

A Cloud Security Alliance (CSA) survey has found 67% of organisations store sensitive data in public cloud environments, but how secure is it?

CYBER LIVE LONDON: Day 2 highlights of the hybrid tech show

We take a look at highlights of the different stages at the Tech Live London show, including insights from Claroty, SalesForce and Oracle

TECH LIVE LONDON: An overview of the hybrid technology show

We take a look at the first day of Tech Live London with insights from technology leaders from companies such as IBM, Microsoft and Vodafone

Does a cashless society mean higher risk of fraud?

Cyber Security

5 minutes with Gary Brickhouse, CISO of GuidePoint Security

Cyber Security

CTO at Passbolt explains the importance of password managers

Application Security