"Your package has been sent": beware of this SMS, it's a scam

By wetretrjyu
12/03/2023
332 Views

And here are the text messages "Your package has been sent". You may be one of the many French people who have received this message on your phone in recent days. The SMS tells you: "Your package has been sent. Please check and receive it". The SMS contains a shortened link to a website.

Easy to fall for at first sight. The number sending you the message is French. The message does not contain a mistake in French even if its wording is wrong. And the message is intriguing enough to keep you clicking even though you know you haven't sent or are expecting a package.

How does the trap work?

In fact, this fake delivery SMS hides "malware from the bankers family", according to the specialized site Numerama. It offers you to update your Chrome browser "to have a better experience" by downloading the "mxpcqpgjyk.apk" file. Except it's a scam. Once installed, the file takes on the appearance of Google Chrome, it asks you for all kinds of permissions (send/receive calls, SMS, access contacts, etc). This "banker" will collect information about your phone and send it to a server controlled by criminals.

The scam will not stop there. According to Numerama, it will consist of displaying "a false web page which explains that access to the bank account is blocked and that it must be reactivated". You must then enter your account number, password, credit card details, first name, last name, date of birth and address.

Once this information has been retrieved, hackers can gain access to your bank account. Thanks to the authorizations given before, and to the access to your SMS, they can thus read the possible security codes which are sent to you to validate a purchase.

The mess will be shared with other contacts on your phone, which is called phishing.

What to do if you've fallen into the trap?

If you've already fallen into the trap, and you turn pale while reading this article, the first thing to do is tell your bank . Then you must delete the application installed on your phone by going to the settings and then to the application management menu. When you have found the infected application, you click on the icon then on "uninstall".

Numerama reminds you that, for security, you should only install applications from the Google play store and recommends using an antivirus of your choice on your phone.