A new hacking method is found in the disguise of fake text messages. If you happen to found SMS chats on your phone saying that you have a delivery package, waiting to arrive at your doorstep, don't ever open the websites on the chats. It's a trap to get your personal details such as credit cards, contact lists, and more.
Don't have any missed delivery package? Don't open texts saying you do
On Wednesday, July 1, ZDNet reported the newest scam that mainly targets most online shoppers out there. Here's how they do the scam.
First, phone users will be receiving a series of fake text messages saying that they have missed delivery packages in their local postal office. A phishing link to their local office's post office or a government agency website is linked in the said text messages. Users will be required to open the said link and download an app posing as the fake United States Postal Service app.
Just in case, users will be alarmed with the sudden download of mysterious phishing files. Then, the system will automatically transfer the page of the link to the real website. In this way, victims won't identify that they are being scammed or anything.
After this, the malware will ask you a series of privacy questions in order for the app to allow them access. Since its a government postal office, users are likely to check 'allow' in all privacy inquiries.
Once installed, all the files in your phone, including name, phone number, contacts, bank, and cryptocurrency wallet details, as well as monitoring text messages and app users will be saved by the malware.
Same Old Story
Here's another news about this hacking scheme. The scam is no longer a new thing in the hacking world.
The report said that infamous FakeSpy malware was behind the said security issues, and the targeted victims were users across Asia, Europe, and North America.
This group has been one of the most famous hacking campaigns in the world. It has been active since 2017 but only initially targets Japan and South Korea back then.
If you think that you've already been a victim of this scheme, here's what you should do, according to expert.
"Users should apply critical thinking and be suspicious of SMS messages containing links. If they do click on a link, they need to check the authenticity of the webpage, look for typos or wrong website names, and most of all - avoid downloading apps from unofficial stores," Assaf Dahan, senior director and head of threat research at Cybereason, told ZDNet.
"Deleting the fake application through the application manager is a good way to mitigate this threat. In addition, having a mobile security solution can detect and remediate the threat," he added.
