A cybersecurity threat is being spread to smartphones via fraudulent text messages.
A cybersecurity threat is being spread to smartphones via fraudulent text messages, masquerading as a package delivery notification. When you follow the link in the message, you are either told to download a browser update, which is actually malware; or shown a login screen, which actually steals your username and password.
There are two things important to understand about this threat:
- UMB security tools can NOT block threats sent over mobile networks or in text messages, nor will they protect your smartphone if you click on a malicious link or give your login information. Therefore, we depend entirely on all campus faculty, staff, and students to exercise caution to avoid this threat.
- Phony shipping notifications are commonly used around the holidays to entice people to download malware or disclose login credentials. Scammers can perfectly mimic notifications from sources like Amazon, USPS, UPS, and FedEx, and add in malicious links.
Never click on links or attachments in email or text messages that you don't trust. Tapping or clicking on it, even just to "see what it's all about," can trigger a download of malware onto your device.
Whenever possible, track packages directly on the website you used to purchase, or through the confirmation email from your initial order.