Many people in the UK have been targeted with a text or picture (MMS) message that looks like it’s from a delivery service, or it may say that you’ve received a voicemail. The message appears in your phone’s built-in messaging app (not third-party apps such as whatsapp, signal etc) and asks you to download an app so that you can track a parcel or listen to the voicemail. Some messages claim to be from DHL, like our example below. But the scam has also used other company brands like Amazon, Asda, and Argos. They can also just generically reference ‘your parcel’ without mentioning a brand name.
If you click and download the app on an Android phone, it’ll try to install the app. If the app is installed, the malware contained in the app could intercept text messages or capture online banking details.
This fraud attack has affected all network operators and, although we believe we have blocked the majority of messages thanks to our enhanced protections, a small number of our customers may have received them. We’re advising customers to be alert and careful about clicking on any links received via text or picture (MMS) message.