Why home delivery scams are NOT getting smarter — as suggested by Sophos

We’ve written several times before about home delivery scams, where cybercriminals take advantage of our ever-increasing (and, in coronavirus times, often unavoidable) use of online ordering combined with to-the-doorstep delivery.

Over the past year or so, we’ve noticed what we must grudgingly admit is a gradual improvement in believability on the part of the scammers, with the criminals apparently improving their visual material, their spelling, their grammar and what you might call the general tenor of their fake websites.

The smarter crooks seem to have learned to cut out anything that might smell of drama or urgency, which tends to put potential victims on their guard, and to follow the KISS principle: keep it simple and straightforward.

It’s almost as though the less work they put in of their own, the better and more believable their fraudulent schemes become.

The scam in words and pictures

The smishing (phishing-via-SMS) lure arrives on your phone, and looks innocent and self-explanatory enough.

The URL ought to be a warning, because it doesn’t look as though it has any connection with the courier company concerned, but it is at least a believable-looking .COM domain with a realistic-looking HTTPS address:

What to do?

Check all URLs carefully. Learn what server names to expect from the companies you do business with, and stick to those. Bookmark them for yourself in advance, based on trustworthy information such as URLs on printed statements or account signup forms.

  • Who on earth is ever going to learn what a server name is, let alone what to expect. But even then, it doesn’t matter because most well crafted phishing attacks don’t do this.
  • And most will open links no matter what we tell them. This advice hasn’t been reliable or effective for the past 20 years, so it’s not going to work now, unless something different is tried to complement it.

Steer clear of links in messages or emails if you can.

Report compromised cards or online accounts immediately. If you get as far entering any banking data into a fake pay page and then realise it’s a scam, call your bank’s fraud reporting number at once. Look on the back of your actual card so you get the right phone number. (Remember that you don’t have to click [OK] or [Continue] for a web form to capture any partial data you have already entered.)

  • Check your bank and card statements. Don’t just look for payments that shouldn’t be there, but also keep an eye out for expected payments that don’t go through. Be alert for incoming funds you weren’t expecting, too, given that you can be called to account for any income that passes through your hands, even if you neither asked for it nor expected it.




MetaCert CEO. Passionate about Cybersecurity, Blockchain, Crypto, Snowboarding & Red Wine. Part of the AOL team that launched AIM. Co-founded 2 W3C Standards.

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

{UPDATE} Загадки для детей Hack Free Resources Generator

Calling out Revolver.News, Reclaim The Net, and Session

How to Block Robocalls and Spam Calls

$41 million USD fine to H&M for breaching GDPR and spying on the personal lives of 126,000…

Best Cybersecurity Lessons and Activities for K-12 Education

{UPDATE} Devine Moi - Puzzle De Logique Hack Free Resources Generator

Hurricane.Finance — The ETH Has Landed

Privacy Debt is the New Technical Debt

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Paul Walsh

Paul Walsh

MetaCert CEO. Passionate about Cybersecurity, Blockchain, Crypto, Snowboarding & Red Wine. Part of the AOL team that launched AIM. Co-founded 2 W3C Standards.

More from Medium

NFT Investor is marketed as a software program which makes use of synthetic intelligence with a…

Fair Pay in “Amateur” Esports

The Time I Failed (duh duh duh)

Resolving Issues Before Moving Forward