“Estimated [nombre del cliente], you must pay the shipping costs [albarán] from [tienda en la que compró]. Can do it: [página fraudulenta]”. This is the SMS template that MRW customers are receiving since yesterday who are waiting for this courier company to send them a product purchased in a purchase online. All the communication data coincide with reality, according to those affected in their social networks, except for the indicated page, in which they are asked to make a payment of 0.99 euros. The latter is an impersonation attempt created with the intention of stealing the banking credentials of those who fall for the scheme.
“Through these fraudulent SMS, a shipping locator is sent to the user with a link that redirects him to a fraudulent page in order to pay alleged shipping costs for a package sent by MRW”, details the notice published by the Office of Internet User Safety (OSI). According to the publications made by those affected in their networks, another parcel company, Sending, is also being the subject of an impersonation campaign with the same characteristics.
These strategies, common in the vicinity of certain dates such as the Christmas season or Mother’s Day, usually use as bait the high probability that their victims have recently made a purchase through the internet. What is not so common is that spoofing campaigns [phishing] are personalized to the point of containing the real name of the recipient of the message, the store in which they have purchased and even the shipping number assigned by the parcel company.
The specificity of this data has led many users and even some media to point to a possible leak of the MRW database. EL PAÍS has contacted both companies, but has not yet obtained confirmation that there have been security breaches. From the Incibe they indicate that all the information that is known at the moment is that published in the OSI notice, which does not refer to the origin of the data, and that its experts will continue investigating the subject.
When the complaints began, the company communicated in its corporate account a “possible fraud via SMS using the name MRW”, shared a sample of the message that was circulating and pointed out that the indicated page does not match the one used by the company. However, it made no reference to the possibility of a security breach.
🚨 Alert! Possible fraud via SMS using the MRW name.
Messages that are likely to be fraud are circulating. We remind you to take into account the considerations of the link to our website: https://t.co/DkDsKj8ij4
– MRW Spain (@mrw_es) December 27, 2021
A few hours earlier, his customer service channel had made another publication on the same platform: “Hello! If you receive an SMS indicating that you must pay shipping costs, please do not do so. We are trying to solve it as soon as possible ”. Earlier this morning, the same account tweeted again the message that the corporate profile had sent the previous afternoon.
The ruse of the scammers circumvents with unusual efficiency some of the safeguards that security experts recommend using to avoid falling into these traps. On the one hand, they base their messages on purchases that have actually occurred and provide real data about them, on the other, the page provided for payment successfully imitates that of the parcel company. The only clue left to users is that the domain is envios-mrw.com and not mrw.es, which is the company’s real address on the internet. According to the registration data, MRW’s fraudulent domain was created just yesterday, while Sending’s is two days old.
What should those who have provided their data on the fraudulent website do? From the Internet Security Office they indicate that in cases like this “those affected should contact the bank as soon as possible to inform them of what happened and cancel possible transactions that may have been made”, as well as block access to accounts and cards, and update credentials for accessing online banking services. In addition, citizens and companies affected by cybersecurity incidents have at their disposal the Incibe toll-free help number, 017.
You can follow EL PAÍS TECNOLOGÍA at Facebook Y Twitter or sign up here to receive our newsletter semanal.