The National Computer Emergency Response Team (NCERT) has issued a cyber security advisory concerning the rise of fake delivery package scams.
According to the advisory, these scams involve fraudulent SMS messages pretending to be from courier services like Pakistan Post, TCS, Leopard, and FedEx.
The messages urge recipients to update their addresses via a malicious link, aiming to steal personal information or install malware.
According to NCERT, these scams begin with an SMS that appears to come from a legitimate courier service. The message typically includes a tracking number and looks authentic. It claims there is an issue with the delivery address, creating a sense of urgency for the recipient to click a link to resolve the problem.
Once the link is clicked, it redirects to a fake website designed to look like a real courier service portal. This site is set up to collect personal information. Sometimes, the link prompts the download of a file containing malware. According to National CERT, scammers use these tactics because they know many people are expecting packages. The urgency and familiar branding in the messages make the scam more convincing.
NCERT advises the users to verify the sender’s phone number or email address and be cautious with messages from unknown sources, especially those with errors, to avoid clicking on links in unsolicited messages. The advisory has asked the users to visit official websites directly and hover over links to check their destination before clicking.
