Smishing con

Fake parcel delivery text messages on the rise

Fake text messages during covid

People staying at home during Covid has given rise to the scam

Parcel and package delivery scams are now the most prevalent type of con-trick used to target consumers.

Criminals are sending fake messages using a ‘smishing’ technique that impersonates trusted organisations.

These text messages often contain a link to a fraudulent website that replicates a legitimate site, asking the victim to enter personal and financial information.

New data provided to UK Finance by cybersecurity company Proofpoint show that is been a growing problem across the UK as more people have relied on home deliveries during the Covid-19 pandemic.

Proofpoint operates the 7726 text message system on behalf of mobile phone operators, which allows customers to report suspicious texts. The numbers 7726 on a keypad spell out the word ‘SPAM’.


Each year within the UK, Proofpoint receives millions of text messages reported as spam and the data shown in the table covers those categorised as smishing for the 30 and 90-day periods to mid-July.

This shows that over the longer 90-day period, the number of scam texts pretending to be from a delivery firm represented more than half of all smishing attempts, with those pretending to be from a bank or other financial institution representing around a third.

During the recent 30-day period however, the proportion of delivery scam texts has increased significantly and represents three times the number of those pretending to be from a bank.

Malicious texts are often part of a wider scam. If someone clicks on a link and provides information, they may then get a phone call from someone claiming to be from their bank.

Exploiting the personal and financial information provided in the text message, the person offers to help safeguard funds by trying to convince someone to transfer money into a “safe account”, which is in fact an account run by the same criminal that sent the original text message.

Reports to the 7726 system are being used by the National Cyber Security Centre (NCSC) to take down fraudulent website URLs and prevent further fraud losses.

Leave a Reply

Your email address will not be published. Required fields are marked as *

This site uses Akismet to reduce spam. Learn how your comment data is processed.