Watch out - scammers are impersonating DHL and DPD this Black Friday

(Image credit: Shutterstock / Leika)

Fake text messages impersonating well-known delivery companies have risen rapidly in recent weeks, with scammers expected to take full advantage of the upcoming Black Friday retail spree.

Cybersecurity firm Proofpoint has reported a significant recent surge in SMS scams - known as ‘smishing’ - that pretend to be from legitimate delivery companies, particularly DHL and DPD.

In Q4 of 2020, Proofpoint found fraudulent courier messages accounted for 16% of all smishing scams, whereas in the same period for 2021 they accounted for 56%. Overall, UK smishing attacks increased by 105% in just one year, so this year’s Black Friday event could see even more threats. 

How it works

Smishing messages usually involve informing the victim that their ‘package’ could not be delivered, and that delivery needs to be rescheduled, or that a package is being held and a fee needs to be paid to have it released. 

The message includes a link that when clicked on, takes the victim to a phishing page - a fake version of the real delivery company’s website - where the cybercriminals can inflict damage such as installing malware, or asking victims to input card details that they then steal.

screenshot of DPD SMS scam

(Image credit: Proofpoint)

Such scams can be quite effective, as people typically order lots over the Black Friday and holiday season, and do not necessarily know which delivery company will be used. Delivery companies quite often send legitimate short-form text messages to their customers too, making it hard to distinguish between the real thing and a scam.

However, a telltale sign is to look at the web link: as the image shows, they often contain odd characters or words and are not as straightforward as their legitimate counterparts, such as ‘[]’. There would be no reason for a legitimate website to have such characters. 

Unsurprisingly, many scams are already starting to take place in the run up to Black Friday. Bitdefender found that the current phishing scams circulating right now include those offering discounts on designer goods, fake gift cards for popular stores and fake surveys promising the latest Android phones upon completion.  

Lewis Maddison
Reviews Writer

Lewis Maddison is a Reviews Writer for TechRadar. He previously worked as a Staff Writer for our business section, TechRadar Pro, where he had experience with productivity-enhancing hardware, ranging from keyboards to standing desks. His area of expertise lies in computer peripherals and audio hardware, having spent over a decade exploring the murky depths of both PC building and music production. He also revels in picking up on the finest details and niggles that ultimately make a big difference to the user experience.