Police are trying to uncover the origin of a web of scam text messages and e-mails being sent to personal mobile numbers and e-mail addresses.
Since April, over 200 people have been defrauded of over €150,000 between them after falling victim to SMS and e-mail scams, according to sergeant Rudy Karl Buttigieg from the Cyber Crime Unit.
Working with their international counterparts, as well as private entities, police were looking into the way scammers are obtaining personal information.
Currently, the scamming is coming mainly through postal operators and bank notifications. Where it comes to postal operators scams, victims receive an SMS or e-mail with the company’s logo (like DHL or MaltaPost) informing them they have received a package. This is happening on an international scale.
They are given instructions to press on a link and pay an administrative fee for the package to be delivered. Once victims press the link, they are taken to a fake site where they are asked to input their credit card details.
In certain cases, they are also asked for a password. While victims think they are authorising the debit of a small amount – such as €1.60 – fraudsters use their details to debit a much bigger sum, usually between €800 and €1,800 per scam.
In a bank notification scam, victims are deceived into providing their credentials after they are informed of a “suspicious transaction”. They are requested to press on a link designed to steal their details.
This form of scam is known as phishing, a type of social engineering attack used to steal user data, including login credentials and credit card numbers. A new term, as SMSishing – a combination of SMS and phishing – has now been coined.
“Scammers have become more direct. Since April we have started to see an increase in these SMS and e-mail scams,” said Buttigieg, adding that scammers took advantage of the cyber vulnerability brought about by the coronavirus pandemic that pushed people to increase their online purchases.
Apart from this, recent changes in Customs fees adds a layer of vulnerability. Since earlier this year Maltese consumers buying goods from the UK started facing complicated new charges because of the country’s exit from the EU’s single market. Goods costing more than €22 may now be subject to VAT, while customs duties might be added to some purchases over €150. There could also be a customs clearance fee.
Too good to be true
Apart from the delivery scams, MaltaPost chief operating officer Adrian Vassallo said the company was also facing online shopping scams. Typically, customers came across a Facebook advert while scrolling on the social media platform. The advert would be by a fraudulent company – at times pretending to be a reputable company – offering items at greatly discounted prices.
Scammers took advantage of the cyber vulnerability brought about by the coronavirus pandemic that pushed people to increase their online purchases
“They offer something that would cost €100 for about €30. The victim falls for the incredible offer and clicks on the fake website to effect payment. Payment can even be made through PayPal. But what happens is that they don’t get what they ordered. We had a case of someone ordering a toolbox and getting a toothbrush,” Vassallo said.
While in these cases the scammers do not withdraw more than the sum agreed on, buyers are scammed because they do not receive what they paid for. The scammers use a postal system that does not require a signature on delivery.
“The problem is that the buyer tracks the order online and eventually sees that it was delivered. They then complain with us that we did not deliver the package. Meanwhile, they would have received something small like a toothbrush or face mask without realising that it has the same tracking number and they were scammed,” he said, cautioning people to be careful about the authenticity of websites and deals that are too good to be true.
Buttigieg also urged people to exercise caution. “Keep in mind that banks will never ask you to share personal details over a message or online. And if you are in doubt whether a message is real or not, contact the original service provider. Don’t rush.”
How to avoid scams
Don’t be too hasty to press links. Study the link address (URL) letter by letter to ensure the link is genuine.
Do not follow links from e-mails. Visit the genuine electronic site of the postal operator or the bank.
On receiving SMSs or e-mails requesting you to access your account or provide payment details, contact the company – by telephone, e-mail or on social media.
Do not use the telephone number or e-mail address provided in the suspicious message.
If you suspect that you fell victim to a scam, call your bank immediately to stop your card. Then file a police report.