// Case Studies
Parcel SMS: spotting the smishing trap
A text reports a waiting parcel, outstanding 'customs fees' or a redelivery — with a link. It leads to a fake page that harvests data or payment, sometimes to malicious apps. Senders look genuine because SMS IDs are easily spoofed. The click is what decides.
Updated: 2026-07-11
How the case was handled
- 1As a rule, do not tap links in parcel or delivery texts.
- 2Check the shipment status only via the official app or website of the service.
- 3Question sender and context — real couriers rarely ask for fees via an SMS link.
- 4Report suspicious texts to your mobile provider and the telecom regulator.
- 5Delete the message afterwards; if you gave data, change the password and enable 2FA.
What to avoid
- Do not tap the link — not even 'just to look'.
- Do not pay 'customs' or 'delivery' fees via an SMS link.
- Do not install apps from SMS links.
- Do not call back numbers named in the text.
How SKOPION helps
SKOPION analyses smishing infrastructure in isolation and without risk to your devices, attributes it and triggers the right reporting chains — passively and documented.
Confidential enquiryFAQ
- How do I recognise a scam text?
- By an unexpected parcel/fee message, time pressure and a link that does not belong to the service's official domain.
- Is tapping already dangerous?
- The click leads to the trap. Enter nothing and close the page. Safest is not to tap at all.
- I entered data — what now?
- Change the affected password immediately from a clean device, enable 2FA and inform your bank if payment data is affected.