Once the WhatsApp that we used in the old Nokia brick, SMS messages were almost banished. But in the current era they found a new life when used by banks, government institutions and companies and businesses. Such as parcel service companies, which usually notify you by email and / or SMS of the arrival date of a package you are expecting. And that is precisely the reason for this notice.
The experts from INCIBE, the National Cybersecurity Institute have detected in the last hours a campaign to send fraudulent SMS, smishing, who try to impersonate the transport and shipping company GLS. In the detected SMS it is reported that the user has an order that has not been sent and it is stored in the warehouse due to the fact that payments have not been made for its shipment.
What happens if you click on the URL in the message? A window opens in the browser pretending to be the legitimate GLS page. If the package tracking button is clicked, the user is instructed to must pay € 1.50 customs fees, where it will give the option in addition to scheduling the delivery.
Next, the fake site shows some options so that choose how and when you want the delivery, selecting options such as whether you want it to be in the office or at home and the delivery time. At this time, you will see how all your personal data is requested.
No, they will not ask you for extra payments
If follow is clicked, things get worse as they will ask for your credit card details. If the credit card details are entered and the option ‘complete purchase’ is clicked, an error message will appear in the browser indicating that it is contacted by email if the error persists. It is at that moment when cybercriminals will have in their possession all the personal data that you have given them, including that of your card. And they will be able to carry out fraudulent actions with them.
If you have provided them with all your data, it is important that you contact your bank as soon as possible, so that they block your credit card. And it is that, in general lines, the wording of the message is correct although punctuation errors are detected, and the payment requested is minimum (€ 1.50), a fact that possibly makes more victims fall for the deception as it does not entail a great economic cost for the user.
If you are still not sure, before entering the link try to contact the official GLS service, and there they will explain that it does not come from them.