Cybercriminals often use text messages to try and trick you into clicking on malicious links, a method known as “Smishing.” In a recent scam, they send a fake text message that says a package is unable to be delivered to you. The text contains a link, but it may not be clickable. There is a security feature on many smartphones that automatically disables links in unexpected messages. So, the cybercriminals will instruct you on how to bypass the feature. The message says to copy and paste the link into your browser to open it. There is a sense of urgency to the message. It says that you must use the link to confirm your delivery information in 12 hours in order to receive your package.

If you follow the instructions and open the link, you will be taken to a web page that appears to belong to the package carrier. You will be asked to enter your personal or financial information on the website. However, the website is fake, so entering your personal details will allow cybercriminals to steal this information. 
 
Follow these tips to avoid falling victim to a smishing scam:

  • In this case, the instructions ask you to paste the link into your browser in order to open it. Be aware of unusual instructions in a text message. The message also instructs you to take action quickly. Cybercriminals frequently use this technique to try and trick you into acting impulsively.
  • It is suspicious to receive a text message for a package delivery if you are not expecting a package. Always ask yourself if the message is expected. 
  • Do not tap on links in an unexpected message. It’s always safer to navigate to the official website in your web browser.