Smishing: fake SMS from post office, tax office or bank

Short messages that push you to click an 'account safety' link. Check the sender ID, the real domain and the official channel.

Red flags to recognize

  • Alphanumeric sender identical to the real one but with unusual content
  • Shortened link or unusually long domain with suspicious subdomains
  • Request to update data, unlock the account or release a parcel
  • Tiny amount (1-3 EUR) for 'customs' or 'delivery'
  • 24h deadline or 'last warning'
  • International or volatile sending number for messages claiming to be your bank
  • Subtle errors: double spaces, missing accents, machine translation
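
The text-level flags in this list can be checked automatically. The sketch below is an added example, not code from Cyber Coach or Mythos: the shortener list, the official domains (placeholders) and the sample messages are constructed assumptions, and it covers only what is visible in the message body, not the sender ID or the sending number.

```python
import re
from urllib.parse import urlparse

# Assumed values for illustration; replace with your own lists.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "is.gd", "cutt.ly"}
OFFICIAL_DOMAINS = {"post.example", "bank.example"}  # placeholder official domains

# Bare or scheme-prefixed hostnames, with an optional path.
URL_RE = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/\S*)?", re.I)
RULES = {
    "action_request": re.compile(r"\b(update|unlock|release|on hold)\b", re.I),
    "tiny_amount": re.compile(r"\b[1-3](?:[.,]\d{2})?\s?(?:EUR|€)", re.I),
    "deadline": re.compile(r"\b(24\s?h|24 hours|last warning)\b", re.I),
    "sloppy_text": re.compile(r"\S {2,}\S"),  # double spaces inside the text
}

def host_of(url):
    """Return the lower-cased hostname, tolerating links without a scheme."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()

def red_flags(sms):
    """Return the sorted names of the red flags found in one SMS body."""
    flags = [name for name, rx in RULES.items() if rx.search(sms)]
    for match in URL_RE.finditer(sms):
        host = host_of(match.group(0))
        if host in SHORTENERS:
            flags.append("shortened_link")
        elif not any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS):
            flags.append("unofficial_domain")
        # The real brand buried in subdomains of an unrelated registered domain.
        if host.count(".") >= 3 or len(host) > 30:
            flags.append("long_or_nested_domain")
    return sorted(set(flags))

# Constructed sample messages (not real captures).
SAMPLES = [
    "Post office: your parcel is on hold, pay 1.99 EUR for re-delivery: https://post-redelivery.shop",
    "Bank: last warning, unlock your account within 24h  bit.ly/x9",
    "Login at secure.login.bank.example.account-check.top",
    "Your parcel arrives tomorrow. Track it at https://post.example/track",
]

if __name__ == "__main__":
    for sms in SAMPLES:
        print(red_flags(sms), "<-", sms)
```

A message with no flags is not proof that it is genuine; the check only prioritises what to look at first.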

What to do now

  • Do not click: open the official app or type the domain manually
  • Forward the SMS to your country's anti-spam shortcode and delete it
  • Verify shipping directly on the carrier's official site
  • If you clicked: close the browser, check the account, rotate the bank password
  • Save a screenshot with date and time for a possible report

Real case

'Parcel on hold' campaign, October 2025

Over three weeks, national CERTs tracked 280,000+ SMS reading 'Post office: your parcel is on hold, pay 1.99 EUR for re-delivery' with links to domains like post-redelivery.shop. The alphanumeric sender was identical to the legitimate one.

The landing page asked for name, address, then full card data including CVV and OTP. A 23-year-old lost 3,400 EUR in nine minutes after entering the card; the criminals immediately added it to a mobile wallet and drained the account via contactless micro-payments.

Mythos analyzed the link: domain registered 48h earlier with a Russian registrar, Let's Encrypt certificate issued the same day, JavaScript identical to 14 reported clones. The dossier let the cyber-crime unit request a takedown and link the campaign to a known cluster.

What Mythos can do on this case

  • Link analysis with redirect expansion and landing-page fingerprint
  • WHOIS, domain age and CERT/PhishTank reputation
  • Impersonated-brand classification and visual similarity check
  • Form-field extraction (card, OTP, personal data)
  • Cluster tracking of related domains (shared JS, hosting, pattern)
