Imagine that one day you receive a text message that appears to come from a delivery company. It asks you to follow an urgent link to confirm the delivery of a package. Without thinking twice, you click—and that’s when you realize you’ve fallen victim to a scam.
This type of deception is known as smishing, a variant of phishing in which criminals use text messages to impersonate legitimate companies and steal personal or financial information.
If you feel unsure about how to identify these threats, don’t worry. With the right knowledge, you can avoid falling into these traps known as phishing and smishing.
The Difference Between Phishing and Smishing
Although both phishing and smishing share the same goal—stealing your personal or financial information—they differ in how they are carried out.
Phishing:
This type of fraud is carried out through emails or fake websites that imitate legitimate companies, such as banks or online services. The goal is to obtain sensitive data such as passwords, login credentials, or banking information, or to lead users to perform fraudulent actions such as making payments or downloading malicious content.
Smishing:
This fraud occurs via text messages (SMS). Attackers send a fake message that may include a malicious link or a phone number, prompting the recipient to take immediate action, such as providing personal information or making a payment.
How to Avoid Phishing and Smishing
Protecting yourself from these threats is easy if you know how to act. Here are some practical tips to help you avoid becoming a victim of phishing and smishing:
Identify a Fake URL. How?
Below are some basic steps to avoid falling into the trap:
- Check the URL: Scammers often use URLs with spelling mistakes or unusual characters, such as “g1s-spain.com” instead of “gls-spain.es”.
- Watch out for long or strange URLs:If the address looks unnecessarily long or contains irrelevant words, it may be a sign of a threat.
- Avoid suspicious domains: Fraudulent websites sometimes include unusual hyphens or extra elements in the domain, which can redirect you to malicious pages.
How to Verify a Link Before Clicking
Here are the key tips:
- Hover over the link: On a computer, this allows you to see the full URL at the bottom of the browser.
- Press and hold the link on mobile devices: This will display the full address before opening it.
- Be cautious with shortened links: URL shorteners turn long, complex URLs into shorter, shareable links. If a shortened link comes from an unknown source, avoid clicking it.
Warning Signs in Fraudulent Emails or Messages
There are several red flags that should raise suspicion:
- Suspicious email addresses: One of the most common signs of fraud or impersonation. These emails often come from addresses that do not match the official or trusted domains of legitimate organizations.
- Grammar mistakes: Fraudulent emails often contain spelling errors or poorly structured sentences, which may indicate that the message does not come from a legitimate source.
- Excessive urgency: Another common trait is the use of an urgent tone. Phrases like “Your account will be blocked within 24 hours!” are designed to pressure recipients into acting quickly without thinking, creating panic and leading to rushed decisions.
What to Do If You Receive a Suspicious Message in the Name of GLS
If you receive an unexpected message claiming to come from GLS, follow these steps carefully:
- Do not click on links or share personal information.
- Verify the information: Visit the official GLS website or contact us through secure channels. or contact us securely through our official social media channels on Instagram , Facebook , and X.
- Forward the suspicious message: If the message seems fraudulent, forward it to our security team.
Examples of Phishing and Smishing
Below are some common examples of phishing and smishing to help you recognize them easily.
Some of the most common phishing examples include:
- “Bank” email requesting information: An email asks you to update your bank account for security reasons, or one that appears to come from GLS, encouraging trust by referencing a supposed package. The link usually leads to a fake website.
- Fake package notification: An email informs you that you have a package waiting and asks for a payment to receive it, or claims there is an issue with your delivery. The link leads to a fraudulent page. In addition to requesting payments, it may also ask for personal data under the excuse of “confirming delivery.”
- Fake prize: A message congratulates you on winning a prize and asks for personal information to claim it.
Some common smishing examples include:
- GLS text message: You receive an SMS stating that your package cannot be delivered and asking you to follow a link. The link leads to a fake website.
- Suspicious transaction alert: A message warns you about an unusual transaction and asks you to click a link or call a number to “resolve the issue.” Doing so could result in fraud.
Vishing (phone call fraud):
Vishing is a phishing technique carried out through phone calls. Criminals pose as representatives of legitimate companies, such as GLS Spain, and use deceptive tactics to obtain users’ personal or financial information.
Phishing on Social Media
Social media platforms are a frequent target for cybercriminals, who take advantage of users’ trust and interactions to carry out scams.
One of the most common forms of phishing involves profiles that impersonate GLS Spain customer service representatives. This type of fraud often occurs when a user publicly contacts the official GLS Spain account, for example, with a question about a shipment.
These fraudulent accounts attempt to build trust by replicating the GLS logo and communication style. In their replies, they often claim there is an issue with the package or the user’s account and request personal information such as the tracking number, address, or even banking details. To increase the likelihood of success, these messages usually adopt an urgent tone, urging quick action to “avoid delays” or “other inconveniences.”
Example:
A user publicly writes to @GLS_Spain asking about their shipment. Shortly afterward, a fake account replies:
“Dear customer, we have detected an error with your shipment. Please confirm your address and payment details to avoid further delays.”
This type of response seeks to exploit the user’s confusion and expectations in order to obtain sensitive information under the appearance of legitimacy.
Staying alert and following these tips is key to protecting yourself. If you ever have doubts about the authenticity of a message, verify the information through official GLS channels. Your security is our top priority.