The days when criminals were content to send millions of spam emails are long gone. They are now targeting people’s phone numbers, because for many people this automatically means increased trust. The recent increase in cases of fraudulent short messages shows that this can be deceptive. What is behind the term “smishing” and why consumers should be careful, especially in the run-up to Christmas.

The scammers’ logic seems simple: Before Christmas, almost everyone is waiting for a package of some kind. This increases the likelihood that a direct short message to the cell phone from a parcel service will arouse trust in potential victims and they will click on the attached links. However, this is exactly what you should avoid as much as possible, no matter how convincing the SMS or messenger short messages from DHL, Hermes and Co. look. Apart from that, the criminals are after credit card data, access to online banking or direct transfers, for example for alleged customs duties.

In order to recognize such SMS as fake, you should first ask yourself the obvious question of whether you are expecting a package at all. In addition to the fact that most parcel services do not send SMS messages to track shipments or request alleged customs claims, the error-free use of the German language is often a weakness of the messages in question. The North Rhine-Westphalia police also recommend taking a close look at where the link would lead you.

You should especially not install any apps or download files that the SMS or further link asks for – even if they have the official DHL logo emblazoned on them. Basically, as a smartphone user you should only install apps that have been verified by Apple’s Appstore or Google’s Playstore. The consumer advice center has compiled an overview of the most common formulations of alleged parcel service SMSs; cases from Deutsche Post and DHL are particularly documented. Most messaging apps have settings where you can block the corresponding number as spam.

As a consumer, you can hardly protect yourself against these fraud attempts. All you can do is check whether personal data such as email address or telephone number has been leaked and is therefore available on the black market on the Internet. In April 2016, for example, there was a major data leak at Foodora, which allowed first and last names and telephone numbers to be linked to an email address. The largest databases, each with more than twelve billion data records, include the “HPI Identity Leak Checker” from the University of Potsdam and the website “haveibeenpwned.com”.

The scam is not new: Before Easter 2021, when a particularly large number of packages were sent, fueled by the corona pandemic, the state criminal investigation offices and consumer advice centers sounded the alarm; the scam first appeared on a large scale in 2017. Criminals will intensify again in the coming weeks It is obvious that we will rely on so-called “smishing” (based on “phishing” in spam emails) due to the upcoming Black Weeks and Christmas.