Messaging boom feeds the fraud of the ghost package

When it seemed that frauds would begin to be made, in their entirety, through artificial intelligence, human mischief makes their own again. Scammers contact people, they get through messaging services, make them believe they have a retained package and steal resources or their access to social networks.

It is a fraud modality that cybersecurity specialists have called as the Ghost Packagewhich grows by leaps and bounds since December and affects electronic or messaging companies such as Amazon, DHL, Mercado Libre and Estafeta, among others.

In social networks, such as Tiktok, videos have been viralized on how cybercriminals operate that steal the data or resources of people and despite their extensive diffusion there are people who still suffer the scam.

“In this scheme, known as ghost package, criminals contact the victims to inform them about an alleged problem with the delivery of their package. This strategy seeks that users provide details such as their card number, address or even passwords, allowing criminals to access their accounts and make fraudulent transactions.

The main supplanted packages are Amazon, DHL, Mercado Libre, Mexican Postal Service, Estafeta or FedexSaid David González, Laboratory Security Researcher at ESET Latin America, a firm specialized in cybersecurity issues.

First, the scammers call the victims and tell them that a package is retained. Subsequently, they report that a verification code will be sent to unlock it and request confirming said code by phone, whether SMS or WhatsApp and then request a deposit to release the product.

The delivery never occurs and the victim faces the theft of data or the kidnapping of their account, and even, in some cases, a number of the cell phone appears that disappears when ignored and the message of the call is not registered in any channel such as the traditional messaging or the WhatsApp network.

In Mexico City alone, the Citizen Council indicates that this type of fraud has tripled in recent months.

Eset explains that 71 percent of criminals contact victims per phone call, while 14 percent do so by text messages, 10 percent per WhatsApp, 2 percent on Facebook and one percent by email.

He explained that in 25 percent of the cases, the victims deliver their WhatsApp Security Code which gives rise to the kidnapping of their account and subsequent extortion to their contacts, who come to deliver large sums of money.

In turn, 44 percent of cases involve amounts up to 10 thousand pesos, 19 percent between 10 thousand and 30 thousand pesos, and 14 percent more than 50 thousand pesos.

Eighty percent of the calls come from Mexico City, mostly the mayors of Coyoacán, Benito Juárez, Iztapalapa, Gustavo A. Madero and Álvaro Obregón. The rest corresponds to other entities such as the State of Mexico, Veracruz, Hidalgo, Jalisco and Nuevo LeónESET said.

Trully, a company that specializes in detecting these illicit, said since September to this medium that a good part of the frauds are committed from the prison.

MINUTES OF MINUTES

Fausto Carmona was a victim of one of these cases, and explained in an interview with The day How it was and the actions he took.

“Just a few days before I received the call I made an order online, they allegedly called me as a state and told me that my package was retained, I did not ask more, they told me that my WhatsApp would arrive a code, but that I would not cut from the call and went to the application, that is, that I only read the number of the notification.

“The truth, I felt that a real worker was talking to me, then I listened to him, when I gave him the code, he told me: Thank you, the shipment has been unlocked, in a matter of hours you will receive your order! When I hung up I didn’t have access to my WhatsApp, it was hacked, So to speak, and a day later I received a text message, in which they asked me for 10 thousand pesos to return my account without having effects.

“I don’t have 10 thousand pesos at hand, I thought, and I warned all my Facebook contacts to ignore any message. Two days later I got another message that had 24 hours to make the payment and I frightened, so I asked for a account number, I negotiated to pay 3 thousand pesos, I made the oxxo tank to Oxxo but I never returned the number.

In one way or another I was able to warn my contacts, that was at the end of January, and they taught me how they still send messages. I tried to get in touch with a goal, but the answer was that I was the one who gave my credentials and could not help me.

Last Thursday, Jesús de la Fuente, president of the National Banking and Securities Commission (CNBV), announced that 70 percent of frauds are possible by human error.

The ESET cybersecurity firm recommends to people that in case of receiving a call or a message for instant messaging applications such as WhatsApp, via email or others, it is due, in the first instance, distrust if money is requested to specify delivery.

If you call for a WhatsApp code as a condition to deliver an order, you must hang and block the contact. Attention must be paid to grammatical errors that often appear in the messages and remember that no parcel service requests payments for shipping management or is authorized to collect taxes or import feeshe stressed.

In case of waiting for a package, the firm recommends that people track it on the official website of the parcel with the respective guide number and on social networks activate security mechanisms such as two -step verification.