Scammers are now sending highly personalized SMS posing as delivery personnel, including victims' names, addresses, and sometimes access codes. These messages, tied to recent data breaches, lead to fake sites designed to steal personal information. Authorities advise against clicking links and checking directly with official services.
SMS scams are becoming more sophisticated in France. Traditionally, these frauds started with a generic message like 'hello, it's the delivery person, your package doesn't fit in the mailbox,' prompting rescheduling to steal bank codes. But in recent days, many users have reported messages including their first name, last name, exact address, and sometimes access code.
A typical example: 'Hello, I have a package for [person's name]. I stopped by [address] this morning, but since I had no info, please give new instructions here,' followed by a link to a fraudulent site requesting extra delivery fees.
'Getting worse and worse,' laments a Reddit user. 'Received SMS this morning for an undelivered package (classic) but this time my address is included and the link has my name and first name. Now it's really getting worrying,' he adds.
These scams draw from recent cyberattacks on companies like Mondial Relay, La Poste, France Travail, and Urssaf. Last week, Colis Privé suffered a breach exposing data of 3 million French people – first names, last names, postal addresses, emails, and phone numbers – on the dark web.
To protect yourself, avoid clicking suspicious links. Check official sites of Colissimo, DHL, DPD, Chronopost, or Mondial Relay instead. Spot spelling or grammar errors. Check data leaks on haveibeenpwned.com or oathnet.org.
