you're reading...
Information Security, Security

Never click links in text messages

The NCSC has given an urgent warning of malicious text messages targeting citizens of the UK.

DHL: Your parcel is arriving, track here

The attack has been given the monicker “flubot” and consists of fake Package Delivery notifications. Very simple message in the text along the lines of “DHL: Your parcel is arriving, track here:”.

The links, however, are very clearly absolutely nothing to do with any delivery service, let alone DHL who seem to be the spoofed parcel firm.

Example Links

  • www[.]webscx[.]com
  • elahezare[.]com
  • gracetj[.]cn

What’s the risk

The link can tell the difference between different mobile devices and so can display a different threat for Android devices than Apple iOS devices.

For Apple iOS users the link is thought most likely to be a standard phishing approach. Apple users still need to be very much on there guard though as attackers are known to change tactics rapidly.

For Android users the risk is far higher. The link will offer to install the latest DHL mobile application. This is very much a fake and very malicious.

The fake app is designed to record what is typed into the device, specifically looking for sensitive information including passwords. So called SPYWARE.

Just to add to the threat, the fake app accesses the contacts on the device and sends the fake SMS / text to them.

The  fake apps sends   The malware on to your contacts


The most important thing to remember is to NEVER click links in SMS / text messages. I know this seems harsh but it’s really very good advice. Don’t try to figure out if the link is legitimate or not.

Plain and simple, just don’t click links in texts. Ever.

It is always better to go to the company’s / department’s website direct, not using links in text messages.

Example messages


About harlekwinblog

"Thoughts of an idle mind." Information Security professional.


No comments yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: