All iPhone owners warned about iMessage ‘spray and pray’ attack – three red flags to look out for or risk bank-emptying hack

IPHONE owners are being targeted by a ‘spray and pray’ iMessage attack that could rob them of their hard-earned cash, parcel delivery company Evri has warned.

The phishing messages come from scammers posing as Evri – or company representatives – trying to charge an “absurd” “redelivery fee”.

two

two

Scammers are sending these types of messages to thousands of iPhone owners via iMessage, in what Evri security chief Richa Bhuttar called the “spray and pray” method.

This wide-net method is used to “take advantage of the millions of packages we deliver to families every day,” says Bhuttar.

He added: “They know that sending thousands of messages every day means that some of them are likely to reach some people who are expecting a package.”

But Evri revealed three warning signs that will make it easier to spot a fake message and protect your accounts.

Evri’s three red flags for detecting fake iMessages

Evri – like other delivery companies – is regularly impersonated by cybercriminals looking to attack innocent smartphone owners.

The company works closely with several cybersecurity organizations, including the UK Government’s National Cyber ​​Security Center, to eliminate delivery fraud as quickly as possible.

Three warning signs Evri described in fake iMessages are:

• Poor language
• Lack of personal greeting
• Uncommon Links

Scammers typically don’t have the best literacy skills — and their spelling and grammatical errors can make them easy to spot.

Legitimate Evri messages will always be spelled correctly – and will use the name that is on your account.

Instead, fake messages may start with ‘Dear Customer’ or ‘Dear [your email address]’ instead of using your name.

Evri will also never include links in its text messages other than a tracking link at this address:

However, Evri still encourages customers to exercise caution when it comes to these links.

“Please be aware that even if the link appears as https:/evri.link/… we cannot guarantee that it is genuine,” the company writes in a help page on its website. website.

“If you’re not sure, don’t click on a link or enter any personal details.”

Tracking links will only ask for your order number – not financial information.

According to Bhuttar, “Many of these messages try to charge a ‘redelivery fee,’ which is absurd – we will attempt delivery three times before an item is returned and there is no charge.

“Gmail and Hotmail have hit the nail on the head in terms of diverting phishing emails to quarantine folders, while smaller email providers appear to be less effective because their maturity is not at the same level.”

A victim of this scam said Which? in a 2022 report that she received a fake ‘redelivery’ message while waiting for a package from Evri.

Unfortunately, she entered her bank details – account number, sort code and CVC – into a form at the link provided, which allowed scammers to access her account to pay for a takeaway dinner.

Customers who are victims of this type of attack should immediately contact their bank if they have provided any financial data.

Evri also urged consumers to report suspicious activity on the Evri website: evri.com/cyber-security.

All messages will be investigated with expert partners to take down associated fraudulent websites, according to the company.

Suspicious texts can also be reported by forwarding to
7226, which is free – or via Action Fraud on 0300 123 2040.

Read all the latest news, prices and rumors: