Updated on 31 May 2021
Bpost warns about fake text messages, circulating in the name of the postal company. The message is short: "your package is on its way, follow it here", followed by a link. If you received this fake message from bpost, your phone number is probably included in a list circulating on the Internet that is used by cybercriminals. Chances are you will receive more smishing and phishing messages in the near future from other delivery companies. So be very careful!
- Do not click on the link (fig. 1).
- If you click on the link, you will be asked to download an application (fig. 2). Do not download it under any circumstances. A virus will be installed on your device which will be able to access your personal data such as passwords, credit card details and your entire contact list. The virus uses your number to send messages to your contacts.
- Send a screenshot of the message to email@example.com. We will block the links in the message.
- Delete the message.
How do you know whether you have the application installed?
- An application with a Bpost logo will appear among your other applications (fig. 3).
- You cannot delete this application.
You have installed the application? Remove the virus
Do not enter your password or log into an account until you have tried one of these solutions.
Choose the method that seems easiest to you. Are you having problems? Get help from someone who is well-versed in smartphones.
Method 1: Restore your device to its factory settings
- Activate your smartphone's offline mode.
- Restore your device to factory settings. The procedure to follow varies depending on your device's manufacturer. Note that if you do not have backups enabled, you will lose your data.
- Restore your data using your backup copies. Note: you need a backup from before you installed the application and the virus.
- Your apps must be downloaded again from your standard app store (Google Play Store, App Store).
Method 2: Restart your device in "safe mode" and remove the fake Bpost application
- Reboot or start your device and choose "safe boot" or "safe restart". The way to do this may vary from one device to another. Sometimes you have to press and hold the volume button at the same time. You may need to check how to do this for your device (brand, type, version). See here how to do this.
- Your device is now in "safe mode". This is shown on the screen.
- Now go to "settings", "applications".
- Select the fake Bpost application and uninstall it.
- Turn off your device and restart it in normal mode.
- Change all the passwords of the accounts you have access to from your smartphone.
- A text message may have been sent on your behalf to all your contacts. Inform them as soon as possible.
- If messages are sent from your number to your contacts, you may not notice it immediately. However, you will see on your phone bill that many messages have been sent. Contact your operator if you see this on your bill. The only way to prevent your phone number from being misused is by deleting the application.
How can you protect yourself against future scams of this type?
- Always think twice before clicking on a link in a message. Chances are you will receive more smishing and phishing messages in the near future from other delivery companies.
- Activate a spam filter on your device.
- Block suspicious numbers.
- Only install applications from a standard app store (Google Play Store, App Store). If, during the installation of an application, you get a message that prevents the installation or warns you about security problems, do not continue.
- For Android devices, make sure to enable Google Play Protect if your device supports it.
To learn more about phishing, take a look at the illustrations.
- Fig.1: the text message
- Fig.2: the request to download the application
- Fig 3: the application
Learn to identify fake e-mails
Do the phishing test and don't get fooled
What to do?
- Do not click on the link in a suspicious message and do not open the attachments.
- You can forward the fraudulent e-mail to firstname.lastname@example.org.
- You can also send suspicious text messages. To do this, simply take a screenshot and send it to email@example.com. The content of your report will then be processed automatically.
Did you click on a suspicious link?
- If you have clicked on a link, leave the fields blank and break off the connection.
- If you have provided a password that you use elsewhere, change it immediately.
- If you have clicked on a link that opens a website where you are required to submit your banking information, first verify that it is your bank's website. If you have any doubt, do not make the payment.
Have you fallen victim to fraud?
- If you have lost money or are the victim of extortion, we advise you to report it to the police. You can report it to the local police where you live.
- Contact your bank and/or Card Stop on 078 170 170 (+32 78 170 170 from abroad) if you have passed on bank information, if money disappears from your bank account or if you have transferred money to a fraudster. This way, possible fraudulent transactions can be blocked.
- If you want to report fraud, you can contact your bank at a special number.