City of London and Metropolitan Police arrested eight men for allegedly sending fake messages and trying to trick people into paying a fee to retrieve a parcel, stealing their login credentials in the process.
If you’ve ever wondered about the mechanism behind one of these spam campaigns, take a look at the investigation that ended with the arrest of several people in the UK. It’s a simple enough operation that focuses on a single point of failure. Attackers trick people into revealing their credentials via SMS messages. When they follow the provided link, they see a website that looks like the original and willingly offer the information to attackers.
Out of the eight people arrested, one person, from Enfildhas, has been charged, while the rest have been released under investigation.
“He faces charges of fraud by false representation; possession of articles for use in fraud; possession of criminal property (money laundering),” a spokeswoman for the Dedicated Card and Payment Crime Unit (DCPCU) told the BBC.
In this case, the messages were sent in the name of the Royal Mail. Attackers asked victims to pay a fee to retrieve a parcel, only to reveal their personal and banking credentials in the process. It’s called a ‘smishing’ scam.
“Ongoing investigations are now underway and we will continue to work together to bring those committing smishing scams to justice,” said DetCh Insp Gary Robinson, head of the DCPCU.
Whether it’s an email message or an SMS, the advice remains the same. Never share personal or banking information over the Internet. Don’t open messages or follow links sent by unknown people, and the same goes for email attachments. If you have any doubts regarding a message, you can always contact the supposed sender to verify if they are indeed the source.