Have you ever received a text message saying “Your package will be returned to the sender today” or “Last chance to collect your package”? Congratulations! You have been attacked by cyber criminals who want nothing more than to lure you into a trap! Such carefully crafted SMS, known as “smear”, contain dangerous links. Fortunately, they’re pretty easy to spot too. I’ve rounded up a list of important red flags to watch out for.

It’s now 2021: everyone has a mobile phone and almost everyone has indulged in online shopping at one point or another! Therefore, it makes perfect sense for cyber criminals to jump on board the train and exploit the greed or greed of their fellow human beings greenness to enrich oneself.

Phishing checklist

Phishing mark warning at a glance
✘ Wrong grammar / spelling
✘ Request to enter personal data
✘ Irrelevant notification (no package ordered → you will still receive a package notification)
✘ Click Hyperlinks

“Smishing” is an amalgamation of the words “SMS” and “Phishing”. It describes short messages that contain dangerous links and that usually also encourage you to load the phishing pages by inserting a hyperlink. This spring, some of the news could read like this:

  • Your package will be returned to the sender today. Last chance for you to pick it up!
  • Hello [name]the courier has picked up your package. Tracking number: [Link]
  • [Number] You have an unsolved problem with your package: [Link]

Phishing text messages don’t always have to be about packages or deliveries. I received a lot of phishing messages during my internship and collected some tips and tricks that I would like to pass on to you. In addition to smishing, phishing e-mails are an often underestimated danger.

How do I distinguish smishing and phishing from a legitimate SMS?

Pay attention to spelling and grammar

In most cases, phishing or smishing messages can be easily identified by grammar and spelling errors. Companies like Amazon, DHL, or your Sparkasse are unlikely to make such amateurish mistakes in their messages. Some red flags contain incorrect capitalization and punctuation.

Banks never ask for personal information

In addition, virtually all banks, including e-wallet providers, regularly inform customers that they will never ask you to enter your personal information via email or SMS. Also, you need to log into your online banking account directly and not include a URL in the message. You can also receive such notifications in your email inbox.

Double and triple check the URL

Does a hyperlinked SMS from your bank make it legitimate or trustworthy? It is always recommended that you enter your bank’s URL directly into the address bar of a browser. Alternatively, you can copy the hyperlink to your smartphone and paste it into a document or message window to see if the hyperlink points to the promised page or somewhere else.

Most of the time, such phishing links are cryptic or lead to completely different sites. In such cases, you can be 100 percent sure that the email or text message is trying to get you a quick one.

When it comes to email, contact the sender

With smishing, it is not that easy to tell whether the number actually belongs to your bank or a reputable service provider. With email phishing, however, this is a whole different story. Find the detailed sender information in your email folder, check the email address and compare it to previous legitimate emails from your bank or service provider.

Can the smishing be stopped and what do I do with the received messages?

Unlike viruses, Trojans or malware, simply receiving a smishing message is not dangerous at all unless You click on the hyperlink it contains. Just ignore the message or even mark it as spam (if your dialer allows it) and nothing else should happen. However, I strongly recommend deleting such messages as you don’t want them in the first place.

Before doing so, of course, you can take a screenshot of the fake message and contact your bank or the support center of a particular service to alert them to this scam. That way, you can shed further light on the situation and possibly assist the authorities in gathering evidence to take action against such cyber criminals. You can also contact your cellular operator to inform them of such unscrupulous activities.

Still not sure if your bank account is safe? Enter your online banking url in the browser or contact your bank directly for the correct url. You should have additional advice or information that should help you.

Accidentally clicked on a link and / or entered your personal data?

Have you discovered the dangers of greasing something too late, having already clicked a hyperlink or even entered your personal information? In the event of bank phishing, contact your bank immediately and inform them about it. As a precaution, block, or even cancel, your ATM or credit card while requesting a new one that requires a brand new PIN.

Once you’ve entered your email address or your address, it’s far less dangerous – although it will be a lot more annoying. This is because selling “real” email addresses or addresses to advertising companies is a lucrative activity. You are likely to receive more phishing emails and spam after accidentally entering your details.

If the affected service offers two-factor authentication as an additional security measure, activate this. This protects your account even if an attacker could find your password. Basically, it is advisable to enable “2FA” for every service that has it.

It is highly advisable to file a criminal complaint with the local authorities if you have fallen for a fraudulent scam. You can also factory reset your smartphone (after you’ve made a backup of your important data like photos and audio files!) To be on the safe side. If malware was unknowingly installed on your smartphone because you clicked a link, that malware will also be removed.

Share your smishing and phishing messages with the community

If you remember all of the tips in this article, you should be able to spot most of the smishing and phishing attacks and avoid falling for their bait. If you are unsure or have seen a particularly suspicious scam, please post it on our forum! I created a new thread for this purpose:

If you have any further questions or experiences on this topic, feel free to post them in the comments. Of course, if you have any additional tips and tricks to alert our fellow readers, I’ll be happy to include them! Last but not least: stay skeptical and above all safe!


Please enter your comment!
Please enter your name here