SMS Scams: How they get you
Вставка
- Опубліковано 29 лип 2024
- While Ransomware Attacks make headlines simple SMS scams like this fake post office delivery message will likely have way more victims. This video is a deep dive into a real example, with advice for prevention and recovery. Get Anti Stalker : app.mallocprivacy.com/pcsecurity (sponsor)
Buy the best antivirus: thepcsecuritychannel.com/best...
Join the discussion on Discord: discord.tpsc.tech/
Get your business endpoints tested by us: tpsc.tech/
Contact us for business: thepcsecuritychannel.com/contact - Наука та технологія
i am gonna be real honest, idk how this man is not at 500k or 1mil subs yet but leo actually deserves it because i can see the way this is edited took a few hours and people need to know this kind of stuff before cyber attacks take over the electronics
Glad you appreciate it. I've still got a lot to improve on and a long way to go!
You know why? Because the general pop and normies are sheep, dumb sheep that don't understand binary. You ask an average person what JS does, 1/20 will actually have the knowledge, if that. Just because everyone uses a device (at the most rudimentary level), doesn't mean they know how it works and what issues and concerns come with it. Cyber security should be a mandatory highschool class in this day and age, but that will be the day.
Lol I know right? He does a good job keeping others protected on the internet.
Ya some youtubers' vids are soo good I think they have 1m subs when they only have ~100k
@@pcsecuritychannel Can you recommend an SMS app? I've tried 3 with no to bad success. Ty!
My mom got scammed and my dad nearly got scammed through these. They are pretty old and terrible with technology. At work, they should really teach their employees how avoid phone/text/email scams. I know some do but I think all should
What's much scarier than those phishing attempts is websites that use javascript exploits to distribute malware and require no further user interaction other than clicking on the link once.
Even tho the German DHL gets a lot of criticism, at least in Germany they're just putting a piece of paper into your mailbox that says something along the lines of "parcel couldn't be delivered, you can pick it up by [date] at [local post office]"
Same thing in the UK for Royal Mail and couriers - we usually get a slip to say "sorry we've missed you" with your parcel's tracking number. That is why I never believe texts like this and go to the official link to book a redelivery.
Pretty funny my dad got one of these and sends it to me like what did you order? I told him I didn’t order anything and then looked into the text. It looked legit with one major mistake. It provided a “UPS” tracking number with a link to “USPS”.
Well usually there are 4 major red flags you can recognize even 100% perfect scam attempt which involves mail deliveries.
1. Certificate of the scam site is signed by different CA than legit company, or certificate isn't valid for same domains as legit one is.
For example many scammers use Let's Encrypt because it's free, but usually they purchase SSL signed certificate from same CA to avoid obvious detection like that, and you need to compare certificate to one that is for 100% legit site (just like domains of scam sites are slightly different, so are certificates).
2. WHOIS records. Scammers either enter bogus contact information or use privacy protection (just check WHOIS records of your postal service or any legit commercial domain and you know what I mean), also whois records reveal how old domain is (most scammers just purchase domains once, so domains used to scam people aren't older than 1 year, unless it is used for advertising)
3. They ask which pickup point you would like to get the delivery from. Most couriers and post carriers just take that parcel to closest pickup point, and send the address of that place to you via sms if there's no one at home and package doesn't fit in mailbox or through letter hole on the door. If you paid for home delivery, they will bring it back next day and either call you or send message that asks when you are at home. Also there's usually no fees or anything, if you aren't at home to receive the package, so asking your credit card info is big NO NO. If there are any extra fees, you have to pay it once you are getting the package from a pickup destination, never in advance or home deliveries (unless you opted for payment upon arrival or something like that). Received genuine call where carrier tried to scam, claimed I had to pay extra and tried to make me pay in advance.
4. They claim that they have tried to reach you. If you haven't received any calls related to it, you can always confirm their claims by calling the postal service. You should always do that whenever you receive messages like that. Scammers do make calls and send messages etc. so that their scam would seem genuine, but they never talk to you, since you can always ask questions, only genuine delivery personel would know the answer to (like the tracking code and delivery service you chose and paid for)
its usp-s smh a silenced pistol
Thank you, those scams seem to get more and more common recently it seems
Thanks for the video, this is becoming increasingly dangerous these days. Stay safe everyone!
had one sent from "my bank "saying a person had been approved to access my account and if it wasn't me to tap on the link below, which I didn't, but it did get me going for a few seconds.
Also the Post Office doesn't deliver post in the UK... Its delivered by Royal Mail which is a separate company altogether
Thanks for making this video! I've seen these scams here in Singapore, where the scammers seem to impersonate DBS (bank) and the police.
The date of birth did look out of place to me. Why would that be needed for a parcel delivery. And then also usually you get at least 1 but usually 2 free delivery attempts. But I can see how someone may fall for this on a busy day with a lot going on in their life. Scary how legit the website looked tbh. Was the URL also secured with https all the way? This is one thing I always check when I enter card details.
I remember the guy who wrote the code to continuously test fake card numbers on the scam website, and due to the charge for a check of the card they have to pay, forced the scammers to pay a huge sum.
Those SMS scams are very common here in Ireland since Brexit. Packages that are not customs pre-cleared from from outside the EU (such as the UK) are subject to customs fees. The scam SMS is worded like "Your package has arrived in the country on xx/xx/xxxx and has a custom fee of €1.24. Please pay securely via (dodgy link)" with the SMS phone # spoofed as An Post to appear alongside legit An Post SMS messages.
I've gotten a few of them lately, from "Lloyds" to "DPD" to "O2". They all had things in common. For a start, dodgy links. They sent from a private phone number rather than a short code number. The fact that I've had no deliveries due from DPD, haven't had an O2 phone number since 2015, and haven't banked with Lloyds since TSB and Lloyds split a long time ago.
Customs fee ones are particularly hilarious to me, as anything I've ordered form abroad never got above £135 to incur a fee, so I immediately side-eye it.
I'm glad that videos like this are being made to help people who might not be as tech savvy or can't spot scams as well as others.
And... how is this relevant to Brexit?
@@HanSDevX bro read the Text again
This reminds me of en email I got the other day. They claimed to be the bailiff, and I was apparently circa 200 euros in debt.
They'd allegedly repo belonging in my house if I didn't send them the money to their IBAN or swift within 48 hours. The whole email was written in broken Swedish, and I knew for a fact that I wasn't in debt.
I can totally see how someone old and not that fluent in the language would fall for it, though.
This channel is just amazing, love your work!
Such SMS are also quite common in Austria, so I guess they're a thing in all of Europe. Other than parcel tracking, they may also claim that "you have a new voicemail" or that there is a "message from the mobile service provider". Bold attempts just send a link w/o any explaination. I only started recieving those after I registered for recieving a loyalty card for a discounts in a local supermarket chain. Behold the "benefits" of selling all data!
Yup. Hampton did that to me. I signed up for their dumb loyalty thing, and started getting scam calls.
Thank you for the sponsor I use the app on my phone great job bro much appreciated🙏🌐❤️
Thanks for posting this. That's why it's really important to do verifications before clicking any malicious links.
Oh I get these all the time. Luckily for me, I disregard messages I don’t know. The same with phone calls. If it’s a number I don’t know, I don’t answer since 9/10 they are scams/fake offers. Parents/grandparents are most susceptible since they typically aren’t very tech savvy and will fall for them without a second thought.
This happened to my dad a few days ago but it was for the email version of "winning" something from a legitimate store. Asks you the same questions and then asks for your credit card so they can send the item to you. My dad asked if it was legit, hours before he already put all of his information and CC. I immediately told him to call his bank to cancel the card.
Something worth noting for us in the UK is that:
With a redelivery, you need a reference number on the card they leave you/email you get with tracking number.
Post Office themselves don't deliver much, it's usually don't through Parcelforce or Royal Mail. You can send things through the Post Office, though its likely to be delivered by RM/PF.
Official Post Office site doesn't have a redelivery link, that's usually done via Royal Mail/Parcelforce.
Thought these might be helpful signs in case anyone gets these texts.
Redelivery through RM/PF is free. Everything else is a scam. When I had to pay customs for a package, I got a letter in the mail about customs charge and how much it was.
Always be suspicious of these kinds of texts, people. And check your tracking numbers.
3:11 I love the WarOwl reference! 😂😂😂 great video on all other fronts as well.
had the exact same iMessage come to my phone. I immediately knew it was a scam because of the link and the fact that I haven't ordered anything in the past 2 months.
Great video, very informative as always, Leo! Can you do a video about getting malware from QR codes? I heard those are a thing especially in restaurants or pubs that put those codes on tables for you to scan and look at the menu. Thanks
As I was watching this video, I got a spam email claiming to be from a doctor's office that's about 100 miles away from me, stating I had an appointment there and need to get a referral for it. Both of these are wrong, of course. But funny thing - it claimed to be from one of these mega-practices that has hundreds of doctors and dozens of locations throughout the multi-state area, so in fact I had been at *one* of their nearby offices several years ago. The only link in the email is a pretty prominent "Unsubscribe", which is odd because why would you need to unsubscribe from informational messages from your doctor? So I'm guessing that must be the "bad" link.
One thing that really annoys me, is that a lot of companies outsource various marketing campaigns, meaning you end up with an email purportedly from a legit company, however links in it don't point to them. So you end up getting used to seeing legit messages from companies with weird addresses in them, and just get used to this as 'normal', so when a real scan fronts up it's a lot harder to spot as its just another strange address from your favourite supplier.
Very informative, thanks 👍.
yo a, face to the best ch. sick! also keep up the great work 👍
I'm feeling so motivated and inspired.
They almost got me with this one, I didn't realise until it did the CC failure message part that it was a scam because I was expecting a delivery that day. Called my card company, explained, they cancelled the card and re-issued.
I love when these scams use British English rather than American English. Parcel is a British term for mail. We in the United States would never use the word parcel. We would use package or mail or delivery. These scammers always mess up on the small details. Probably because the fact that they learn British English rather than American English.
And then they asked for £1.20 lol
This scam is targeted to users in the UK which is why that's the case, a similar scam in the US would use American English.
@@pcsecuritychannel not necessarily. Indian scammers are not intelligent enough to know the difference between British vocabulary and American vocabulary.
Parcel is still used if you are ordering things from another country
Probably cuz they are foreign scammers
Most scams are from foreign countries like Africa , India and parts of Europe
Why i don't get scams like that. All i get is: "We got your naughty photos from webcam, give us bitcoin or we publish them..."
Guys, this advice just covered the most basic of the basic common sense approaches!
Who was not aware of these basic rules of behavior has already fallen prey to such attacks!
Pls. give more of the real stuff!
thank you very much who in paña is happening a lot to me three times good work yours
Scammer be like: WHAT THE. WHERE IS THE MOON ROAD?
Thank you for prevent the community
Just an idea: Make another with scam calls aka silence calls, preventing not calling back
I recently bought something online from a major U.K. retailer and hours later, even before the product had been dispatched I received the sms claiming to be from the actual courier service used by the shop “we tried to deliver” blah blah.
I want to know how the hell did they know I placed an order?
Whats the best things for browser to provent browser hijack. And which antivirus do you think is the best
Me and my family constantly receiving these types of text messages, I have educated them to let me see the text messages when they receive it. And when reporting to the authorities even they have no clue what to do about it. From Malaysia.
yeah this happened to me today, bastards managed to get me all flustered and scaring me just to make me do those stupid transactions, once they get your info guys they call you if its a digital platform to get you to give them your sms code so they can use apple wallet to start taking your money! please watch out for these fradulent bastards!!
Royal Mail here in the uk don’t charge for re delivery
Please share with me how anyone can access your privacy inside of your home live , especially if you have turned off access points to microphones?
I am still curious as to how people know exactly what others are doing at all times.
One thing though. If you receive any kind of suspicious looking link, treat it always like it could infect your computer just by visiting it. Open it in a VM, presumably in a safer environment than Windows (like Kali Linux), and make sure that you don't expose your real IP address with this, so make sure to set up some kind of proxy server that will hide your IP address. A simple VPN service may be enough, I tend to use Tor network for this kind of stuff. And of course NEVER fill in real informations in the site. If you want to figure things out, how it works and what it does, make sure your main system doesn't get affected and your personal informations including your IP address aren't going to end up in their hands.
I think i know how the scam site knew that the random number you entered was not valid
It is possible to tell if a card number is valid, just from the card number itself (if i remember correctly, the last digit is used as part of a calculation to determine if the card number entered is correct, so in theory, you could enter random nonsense for the first 15 digits, and then work out the correct 16th digit, and it would pass the check)
Weird. Loads of videos I've watched on this subject use sample pics that are all from the UK. I wonder if that's where a lot of these scammers are located
Man, İ love you for real .
I barely found out about Pegasus today shoot at this point everything is compromised
gotten one, but checked which host they use and it was not it.
Are you going to do a video on the new zero day exploit on windows to do with word?
Anti stalker looks interesting. What do you think of kaspersky for mobile ?
you should make a fun side-video where you try to troll the sms scammer by flooding the site with invalid credit card data
3:10 Amazing channel already.
I get the delivery emails all the time. They automatically get put in my scam folder. When I get scam calls my phone alerts me
iv'e had this text 3 times now and it's always been (simon) but i know it's a scam but good video to teach others about it Nice Work
Hmm that looks terrifyingly clean
What is an sms? Great video if you would explain what’s going on
It’s scary this video comes out and I get a (missing or not approved delivery)
More please!
1:36 Actually, this _is_ how my brain operates when looking at non physical stuff regardless of whether I'm waiting on something legitimate. And the only device I store truly confidential data on is my early 2000s PDA that runs EPOC32. If I can't verify a source without doing research I'm not touching it with a barge pole, and that's the same for stuff baked into operating systems.
I got the exactly same SMS from the video. Blocked already as I didn’t ordered anything.
Lol this kind of attack is been going on in Costa Rica
This happen to a friend 2 weeks back they took small amount like 1.50 pounds, then my friend seen that 80 pounds go from there bank. There Bank seemed to no it was a scam, informed her gave her the money back and new card.
I get those frequently but the ones I get are a little more sophisticated .
They don't let you use a standard web browser or linux system to connect to the real site (obviously check the browser type / OS. No doubt the ones I'm getting target the phone itself with vulnerabilities known. If you try running Linux for example they just divert you (with a few diverts) to a harmless page.
Obviously they've worked out that some people who get these scam texts are IT people .
Ps "I know someone" who fills those information gathering sites with real looking erroneous data sent automatically at random intervals . Basically the scammer will get a list of 100, 1000, 10000 (whatever) useless entries and not know which is real and which is fake. It runs on a PC but could just as easily automatically run 24/7 on a Raspberry pi
Helpful info i expect much more, but anyway.
SMS scams are quite dangerous! I have a few friends who were victims of these scams.
my mother keeps getting messages from Apple, she on samsung android, has nothing to do with Apple, doesnt use internet much besides her local friends on whatsapp.
how does a Scammer text message you how do they get your number
YAY YOU DID A FACE REVEAL
My mother received similar emails and asked me what to do.
First and biggest red flag: broken Hungarian. If the message is clearly Google translated, it cannot be legit.
I told her NOT to open it, but she did open it anyway. The website looked OK, but it was the same, Google translated text as the email. I told her that if she gave out any personal detail to that site, especially her debit card's details, she's in a big trouble. She insisted she did not. The fake email had a fake tracking number that seemed legit on the fake website, but it immediately turned out to be fake when I checked it on the real Hungarian Post's website.
I, of course, asked her if she had ordered anything anyway. She had not.
Sure, it's not SMS, but it's close enough.
I've 5 of those messages today.
I wasn't born yesterday
I just block them. Sometimes I will call the number with *67 in front just to give them a hard time.
I get scam sms every day mostly about my Amazon account. They using emails instead of phone numbers
Our country is being attacked with these types of sms scam kinda annoying
Is it Smishing?
No validation for birthday field? Amatures!
A simple input type=date would have fixed that.
How the hell are they able to send out these mass SMS?
My identity was stolen in 2019 and I get these a lot. So, beings I do cyber security I back-trace everything and report them to their hosts and have them report it to the police then as a company; I submit means for cease and prosecutions. 😂 Make videos taking SMS Scammers down.
I don't answer anything and I don't order anything. However just in case, I will give a rural address (rural route and township) from a location in northern Manitoba in the bush.
No chance that I would click on a link. That's never going to happen, not even if I was expecting something. I would look up the original tracking number I received when ordering and then visit the Shipper's website directly. There is no exception.
Lucky if you don't accept royal mail they drop a note with code for collection, the real royal mail is normally don't redeliver , they won't text me unless a package is due
can you do a test about Gdata
they apparently found a parcel going to the moon and getting very cheap rockets
I just clicked on the link I didn’t go for all of the process once I clicked it’s showing that the link is very dangerous then I closed and deleted
Do you think they got me ?
Samsung Phones have a spam blocker. I don't know if all their models do but my S20 does and the database is very accurate
Ngl, Unless someone I know is gonna text me, I never check my SMS.
It happend to me twice I think. I learned more and restore my cash
I get 4/8 spam calls a day, several scam texts a month. I never check that/those links. But I've been on the internet since 93. The gullible people out there are just plain stupid.
simon attempted to deliver today your parcel. HAHAHAHA.
Once you click the link, they got you. They can dump all info from your device. Never and i mean never click on one of those links.
Don’t ever click suspicious links, you have no idea what is embedded in it.
Just go to the company’s website directly.
Any time I see these messages, I whois the domain and report them for abuse.
Had one sent yesterday.
Scam club rule one is don't not talk about scams
Scam club rule two Everything is a scam even if you think it's real
Too bad no anti-stalker app for IPhone....
Still can't sign in
Dont click a link in your mail or sms unless you are absolutely certain that you know who sent it.
I mean, even they can be hacked and pull a 180 on you.
@@Mario583a indeed and in the simple manner i wrote my comment, i didn't adequately imply that you can't verify them through the means of which they contacted you, as that may very well be compromised.
Yeah but I still can't sign into gmail
They want your mabile number, but they already sent you a SMS, so they must akready have it.
Haha I just received one txt from T-Mobile that my payment wasn’t processed.
what type of fraud is this called