How to avoid being a victim of SMS impersonating DHL and other transport companies

The SMS warning that a fake package is being sent or that it has been tried to deliver without success have become a series of threats: If you receive a text message related to the delivery of packages, be alert. From DHL, FedEx, MRW, Correos Express, Envialia … Scammers use the most well-known transport companies to install a malicious application.

One of the scams that is more widespread today is the one that comes through the phone’s SMS posing as a transport company. With a mechanics similar to that of the classic ‘phishing’ type emails, Android is relatively vulnerable since allows to install dangerous applications in a more or less simple way. And that’s what scammers are trying to do: trick you into installing a file to steal your personal data and even credit card money. Let’s see how you can protect yourself.

Extreme caution against any SMS that you are not waiting for

Sms

The perfect platform for spoofing scams is text messages or SMS. Since most authentication, payment and shipping alerts arrive this way, it is enough to imitate the style of authentic missives to lead victims to download and install a malware-infected app. That is the mechanism that drives the SMS scam of DHL, MRW, Correos Express and other transport companies, always supplanted.

This app promises to remove FluBot, the FedEx SMS malware, in a few easy steps

Since the way to fall for the scam is to click on the links of an SMS, the first thing you should take into account are these messages. If one arrives alerting you of the status of your shipment, and you did not expect anything, it is obvious that the content of the message is surely false, but you may have doubts if you recently bought a product online.

Always question all text messages that reach you and carry out an investigation before agreeing to what they ask of you. Check the status of your shipment, make a new delivery, notice of a pending package… Scammers use urgency and curiosity to trick you.

Never install an application, not even from Google Play

Scam Sms Dhl Appearance of the pages to download the malicious app on Android

Transportation companies may have an app to contract shipments and facilitate deliveries, but they will not force you to install it to check your orders. Any SMS that you receive indicating that you are accessing a download will almost certainly be a scam.

Transportation companies never force you to install an application to check orders. If the website you access does not give you the tracking information, be on the alert

The scams that we have detected on Android always try to get the victim to install an application. This is downloaded directly from the website to run like any APK: you need to give the browser permission to put it on your Android. Therefore, to avoid problems, avoid installing any files they ask for. Even if the link from the SMS takes you to Google Play.

Make sure the web address corresponds to the transport agency

Web Scam Sms 1 Example of a website with the download of the supposed MRW application

Scammers mimic the look of the transportation agencies they impersonate. Therefore, when you access the web from the link that appears in the received SMS said page will aesthetically resemble DHL, MRW, Envialia, Correos Express, FeDex and any other transport company whose identity has been impersonated. But the web address or URL cannot be spoofed.

Look at the address of the link, also the one that appears in the search bar. If you cannot see this address do the following:

  • Click on the browser menu.
  • Click on ‘Share’ and choose your notes application. Or send a message to yourself, for example (Telegram, email …).
  • Once the link is pasted, look at the address that appears and compare it with the name of the transport agency. If it is not a mrw.com, fedex.com, dhl.com or similar are trying to scam you.
Web Scam Sms Example of an authentic DHL message

The web addresses from which malicious applications are downloaded are highly variable as the scam is constantly mutating to bypass the blockades of web servers and search engines. Therefore, in the event that the domain is not clearly seen as belonging to the transport company, completely distrust the page. Even so: as we said in the previous point, never download applications to your mobile just because a website that you came to from a text message asks you to do so.

Monitor the status of orders only from the website where you bought them

Sms Order Scam In the customer area of ​​the store you can check your orders without risks

Falling for the scam is not that difficult when you are really expecting a package. It is enough to receive a message advising that it could not be delivered for you to panic and access the page that gives rise to the deception. Even it might tempt you to install the app with malware, there is no doubt that the risk of losing a shipment implies anguish and intention to avoid it.

The best way to avoid an SMS scam is to ignore the text messages that reach you and follow the orders from the page where you bought them

While messaging companies send authentic SMS, it is best to rely exclusively on the customer area where you made the purchase. There you have the list of orders with the tracking numbers and authentic links to the transport websites. So forget the SMS and confirm only through the means that ensure the authentic information.

Activate the spam protection of your message app

Scam Sms Spam From left to right: protection in messages from Samsung, Google and Huawei

A good part of the applications to send and receive SMS have integrated protection against SPAM and fraudulent numbers. Activating this function does not guarantee that you will avoid all fraud attempts through the impersonation of transport companies, but you do have a better chance that these messages will not reach you.

The Google messages app has protection against Spam in its settings, for example, also Samsung (in settings, under ‘Block numbers and messages’) or Huawei (in settings, under’ Identification of websites malicious’).

Flubot, the fake Fedex SMS that has a sophisticated and dangerous Android virus behind it: how it works to steal money from the bank's app from its victims

Activating these protections, and blocking the numbers in which you have detected fraud attempts, will help prevent so many false SMS from reaching you and, in addition, you will collaborate so that manufacturers have better trained their databases. You may be aware of scam attempts, but there are many non-tech savvy people who are much easier to fool.

Warn your environment and protect those who know less about technology

Perhaps most of the above points have seemed too obvious to you, but that does not mean that all people know the ways to protect themselves against it ‘phishing‘, come from the middle that come. For this reason, the best way to protect others is to teach them to distinguish which are the authentic SMS and to explain to them that a transport company will never ask for an application to be installed to check an order. Knowing the risks, and knowing how to deal with them, avoid most scams.

Fraudulent links and applications are not so easy to distinguish: helping those who do not know ends up protecting you too

In the event that you or someone you know has installed the malicious application on your Android, the first thing you should do is uninstall it. Here we leave you the way to achieve it.

How to uninstall the fake FedEx app if you have fallen for the SMS scam, step by step

Scroll to Top