An SMS from MRW with your name and real information about a shipment: it seems real but it is yet another phishing to steal your bank details


On the same January 1, 2021, we published the news of a phishing attack on behalf of Correos that many citizens in Spain had received. An SMS that said “POST: Your shipment is on its way:“, where the link took people to a page that was not the official one and that sought to steal our information.

This is how a year went by where both this public company and private parcel shipping companies were used constantly as bait to steal private data. Other firms used during 2021 have been FedEx (at different times of the year, even improved), DHL, again the Correos brand, at various times of the year.

How (and to whom) to report Internet fraud and SMS scams such as WhatsApp, FedEx or Correos

In fact, as we shall see, it has been calculated that have managed to obtain information from a large part of the Spanish population. And these attacks have not ended: yesterday another one was registered on behalf of MRW.

We explain you how this latest attack works on behalf of MRW To prevent you from falling into the trap and we run through the other cases this year to help you stay vigilant in the future: this trend does not seem to end here.


The shipping costs that you have to pay to MRW

MRW published in your Twitter profile that “if you receive an SMS indicating that you must pay shipping costs, please do not do it. We are trying to solve it as soon as possible”. At the same time, various users have explained on social networks that they are receiving SMS, supposedly from MRW, in which a shipping locator appears and a link that redirects to a false page that tries to get us to pay some alleged shipping costs for the package sent by MRW.

Phishing: what it is and different types that exist

The messages are well done: the name of the person receiving the SMS appears, the locator of a real shipment that the person expects and the name of the store where the product was purchased. That is, it is an SMS with information so real that it is very easy to fall into the trap, only that it is false that you have to pay anything and that link only seeks to steal you. The message is like this one from the photo:


No further details of the security breach, though It seems that someone previously managed to enter the internal data of the companyIf not, it would be impossible to handle such precise information. From MRW they have said that they are “trying to solve it as soon as possible”, which also shows that it is also a problem on their side and not only an attempted phishing of others.

The fraudulent page that the SMS URL reaches has a design very similar to the original MRW one. It shows the victim’s shipping data and then refers her to a payment website where add the bank card to make a supposed payment of 0.99 euros. This is how they end up getting people’s bank details.

The year of Flubot

FluBot is the name given to one of the most popular malware attacks of the year. The name comes from the fact that “its rate of spread and its infection vector resemble the common flu.” Precisely, they got a lot of information thanks to phishing attacks in the form of SMS, posing as parcel delivery companies like those already mentioned.

In March it was estimated that there were more than 60,000 infected Android terminals and 11 million stolen phone numbers. A figure, the latter, which represented 25% of the inhabitants of Spain.


Please enter your comment!
Please enter your name here