Asda Issues Online Home Delivery Warning After Thousands Targeted By Scam

BACKGROUND:

Members of the public are being warned to be vigilant of scammers targeting online shoppers. The Chartered Trading Standards Institute (CTSI) said it has received evidence of a text scam involving supermarket delivery messages. The messages claim “your Asda order is out for delivery” and links to a webpage supposedly allowing the recipient “to track your order and view your delivery note”. The reports also involve Morrisons, although the CTSI warned other retailers are also being targeted.

Experts Comments

April 30, 2021
Niamh Muldoon
Senior Director of Trust and Security EMEA
OneLogin

Seeing that cybercriminals have consistently targeted those offering online shopping facilities through various threat vectors including social engineering with phishing campaigns, it would be wise for these online businesses to offer support and training. The training really should be provided prior to providing devices and online system access. It is only through security awareness training that staff and customers can make better-informed decisions. Partnering with IAM trusted providers to

.....Read More

Seeing that cybercriminals have consistently targeted those offering online shopping facilities through various threat vectors including social engineering with phishing campaigns, it would be wise for these online businesses to offer support and training. The training really should be provided prior to providing devices and online system access. It is only through security awareness training that staff and customers can make better-informed decisions. Partnering with IAM trusted providers to implement two-factor authentication reduces associated risks of unauthorized access to online shopping devices and systems which is now subject to Strong Customer Authentication (SCA) regulation.

  Read Less
April 30, 2021
Chris Hauk
Consumer Privacy Champion
Pixel Privacy

Members of the public who receive text messages or emails like this should never automatically assume the sender is legitimate.

 

First of all, folks that receive text messages like this should first consider whether they have actually made a delivery order from the merchant (DUH!), or ask their significant other if they made an order. If you still have questions about the supposed order, call the merchant (by obtaining the merchant's number from their official website or app), to check if an

.....Read More

Members of the public who receive text messages or emails like this should never automatically assume the sender is legitimate.

 

First of all, folks that receive text messages like this should first consider whether they have actually made a delivery order from the merchant (DUH!), or ask their significant other if they made an order. If you still have questions about the supposed order, call the merchant (by obtaining the merchant's number from their official website or app), to check if an order has actually been made. Plus, remember that a legitimate grocery delivery service will never ask for personal information.

  Read Less
April 30, 2021
Paul Bischoff
Privacy Advocate
Comparitech

The pandemic spurred widespread adoption of meal and grocery delivery services. When you submit an order on one of these apps, users are often flooded with notifications via email, SMS, and the app itself. Users often get text updates letting them know their order has been received, that the delivery driver has picked it up, and that the driver will arrive shortly. Scammers are capitalizing on this trend by sending phishing messages via SMS in the hopes that recipients will think it's from a

.....Read More

The pandemic spurred widespread adoption of meal and grocery delivery services. When you submit an order on one of these apps, users are often flooded with notifications via email, SMS, and the app itself. Users often get text updates letting them know their order has been received, that the delivery driver has picked it up, and that the driver will arrive shortly. Scammers are capitalizing on this trend by sending phishing messages via SMS in the hopes that recipients will think it's from a legitimate app. Because SMS messages come from phone numbers instead of emails, it's more difficult to determine which texts are legitimate.

 

If you use a food delivery app, I recommend disabling the SMS notifications and just use the notifications that come directly from the app. Then, if you receive an SMS notification about a supposed delivery, you can safely ignore it.

  Read Less
April 30, 2021
Hank Schless
Senior Manager, Security Solutions
Lookout

This particular incident looks like it could be part of a campaign that's been targeting individuals across Europe in the last few weeks. The campaign that this seems to resemble, which uses data leaked from the massive Facebook data breach earlier this month to contact individuals on their personal cell phones, intends to trick the attacker into downloading a malicious app. The malicious app is laced with FluBot, which is a banking trojan that can intercept SMS messages, steal contact

.....Read More

This particular incident looks like it could be part of a campaign that's been targeting individuals across Europe in the last few weeks. The campaign that this seems to resemble, which uses data leaked from the massive Facebook data breach earlier this month to contact individuals on their personal cell phones, intends to trick the attacker into downloading a malicious app. The malicious app is laced with FluBot, which is a banking trojan that can intercept SMS messages, steal contact information, send messages to contacts and display screen overlays to trick users into handing over their credentials. FluBot is an example of malware as a service, which is a model that attackers use with increasing frequency as it allows them to easily acquire and customize the malware to be more convincing to the target.

  Read Less

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.