Smishing Tactics - Delivery, Unpaid fee, Resolve it


The author almost fell for a smishing (SMS phishing) attack.


Sophistication Level:

Medium


Tactics:

The SMS tried to have the receiver to resolve an unpaid shipping fee for a delivery package by clicking an URL.


Analysis:

  1. The reason for this close call was because the author recently had packages sent by SF Express*, which is the company claimed by the smishing attack.

  2. Also, the "unpaid fee" was in Hong Kong dollars, which is the currency of the location where the author is located. Nice try for the attacker.

  3. Based on the above, this smishing attack was tailored to target people who reside in Hong Kong.

  4. The shipping fee was also of a reasonable amount.

  5. The SMS also showed sincerity by saying "We tried to deliver you package". That puts the next action at the receiver's end.

*SF Express is a well known logistics company in Hong Kong.

The above was a real SMS received.