Dear Tecnogalaxy readers, today we’re going to talk about a SMS scam that is circulating in these days, after many users have reported on social networks to have received an SMS that refers to the delivery of a fake package (the technique is always the same), there is also the official confirmation from the Postal Police that it is a scam.

We’ve already talked about phishing attacks, but are you familiar with smishing? If we were to make a comparison, smishing is to SMS as phishing is to email accounts. Obviously the end goal for both techniques is the same, whether it’s phishing or smishing the attacker is looking for your personal and confidential information.


As already written in previous articles, the technique of Phishing has become topical in recent years, in the 2.0 era, that of the Internet, scams happen online. Not only surfing on websites, but also via e-mail: despite the enormous progress in the field of computer security, with the creation of very efficient antivirus and antispam filters for e-mail, fraudulent e-mail messages can escape these controls, creating not indifferent damages to the unlucky cheated people.

This is the case of phishing e-mails, which can often come from a trusted source and sent from addresses considered “reliable” and therefore not blocked by the appropriate filters. It’s very easy to fall for SMS scams, but it’s still necessary to pay attention and know how to recognize phishing e-mails. (See the article Examples of Phishing attacks and how to detect them).

Phishing Types

The types of phishing used we can divide into 4 modes:

  • Greed;
  • Kindness;
  • Obedience;
  • Fear;

The smishing attacks instead are increasing exponentially, according to a statistic 20% of emails are opened and the rest discarded, while for SMS we talk about 98%, messages that are read.

With all the guides, articles published, web users have become suspicious of spam emails, while with regard to SMS often lower their guard, in fact, hackers are exploiting this weakness.

Since the pandemic started, cybersecurity experts have warned several times that attempts to scam the web have increased exponentially, scammers know very well the habits of potential victims and obviously know how to exploit real events such as lockdown to their advantage.

If you think about it, in times like these you often shop online and the risk of falling into the trap of the SMS about the delivery of an alleged package is just around the corner.

The message contains the fateful phrase “Your package is about to arrive” yet another attempt at SMS fraud by hackers.

Like all scams of this type, the malicious message is nothing more than the classic attempt by the attackers to get hold of sensitive data such as pin, iban or other information stored in the smartphone.

How smishing works

Smishing is a simple text message with illegal purposes, these messages are manipulated with the technique of social engineering, the ultimate goal of the attacker is to induce unsuspecting victims to provide confidential information. (We have already talked about social engineering in many previous articles).

If you think about it, it’s almost impossible for requesting your banking services password by text message to work right? When it comes to smishing, cybercriminals rely precisely on social engineering tactics; gaining a victim’s trust increases the likelihood that they will reveal their information, rather than guessing their password.

Below is a list of content you may receive in smishing messages:

  1. Unexpected link
  2. An unexpected file to download
  3. An urgent request for help, usually in the form of money
  4. Congratulations on winning a contest in which you did not participate
  5. The name of a bank you use or a brand you know
  6. An urgent request to verify personal information via a link or phone number

How does SMS scam linked to package delivery work?

The start of the SMS scam is with the receipt of a message inviting the victim to click on a link to complete the transaction. The content of the message is more or less always the same and refers to an incoming or in stock package. Making a statistic the message content is almost always this:

Your package is on its way, follow it here” is followed by a link composed of strange words and random numbers, the link does not have SSL certification (if we check the url does not start with https, but with http).

In the message they will try to press on opening the link, usually you will find a warning like this “Dear customer please follow the information within 48 hours” otherwise the package in question will be returned to the sender.

If we think about it it is a well thought out scam , a person who is waiting for the delivery of something purchased online can really fall for it.

The link will direct the unfortunate person to a fake site of the original one, obviously made to resemble in all respects to that of a normal shipping company in this case.

How can we protect ourselves and what to do if you have fallen into the trap?

Cyber scams are spreading with great speed, this puts data and privacy at serious risk, below is a series of tips:

  1. If you are not 100% sure of the origin of the message, do not click on the link contained in the SMS with the text “Your package is on its way”.
  2. The message seems to be sent from an Italian number that can vary. If you want to be even more reassured, the sender can be blocked, but it is not said that the same message cannot come from a different phone number.
  3. If, on the other hand, you clicked on the link received in the SMS, if the proposed page was to login or to fill out a form with your personal information, or automatically a file has been downloaded and your device is behaving strangely, the advice is to format the device and inform your contacts in your address book to delete any messages coming from that phone number. The next step is to also change all passwords saved on the smartphone (for example social networks, email, various applications but especially those of home banking).
  4. Check the source
  5. It really can be too good to be true
  6. Do not answer
  7. Protect your smartphone
  8. No courier asks for money to track the shipment or additional money when the shipment is in progress. If you have any doubts that this is a real delivery, access the official website directly to check the status of the shipment or contact the shipper’s customer service.
  9. Always keep your devices up to date, at the operating system level and install an antivirus of the latest generation and be careful what you open and what you click.

As always, make good use of it by testing it on your device/computer, testing it on devices/computers that are not yours is illegal.

See you next article!

N.B.: I do not assume any responsibility for the use you will make of the guide, as it is written for educational use.

Read also:

Was this article helpful to you? Help this site to keep the various expenses with a donation to your liking by clicking on this link. Thank you!

Follow us also on Telegram by clicking on this link to stay updated on the latest articles and news about the site.

If you want to ask questions or talk about technology you can join our Telegram group by clicking on this link.

© - It is forbidden to reproduce the content of this article.