The Cybercrime Investigation Directorate of the State Police warned citizens on April 6 to be careful of fraudulent messages that are circulating massively in Albania via SMS and that appear as notifications from the Albanian Post for undelivered postal packages.
The Albanian Post itself reacted to these messages with an official statement, stating that these SMS are in no way related to official postal services.
"The Albanian Post informs the public that in recent days fraudulent messages (SMS) have been circulating that illegally use the name of our institution, with the aim of deceiving citizens and obtaining their personal or banking data," the Albanian Post announcement reads.
This is not the first time that the Albanian Post institution has become the target of such fraudulent attacks and campaigns with fake SMS, which have been repeated several times in recent years.
These attacks are otherwise known as "smishing" and consist of attempts that aim, through messages formulated as trustworthy, to "fish" citizens and penetrate their sensitive data through links attached to the message.
After citizens click on these links, they are asked to enter their bank card details or personal information.
According to digital experts, these attacks are usually malicious and come from unidentified actors who have the intention of financial gain or stealing someone's identity.
"The risks of these attacks are numerous, such as financial loss for the victim, data and identity theft, compromise of personal accounts and, in some cases, installation of malware or viruses on the victim's device," said Orkidea Xhaferaj, researcher and head of the Digital Policy and Innovation Department at SCiDEV.
According to Xhaferaj, the frequent targeting of the postal institution by these attacks is due to its nature and role in continuous communication and the wide range of services it offers to citizens.
“The postal system is used by a large number of citizens and everyone, at some point, uses postal services,” Xhaferaj told BIRN.
"This makes the probability of someone expecting a package higher and makes the message more credible," she stressed, adding that the post office processes a large amount of personal data, thus increasing the circle of potential victims.
"The pace of everyday life and the performance of automatic actions via phone increases the vulnerability of even those people who have average knowledge of the digital sphere," Xhaferaj added.
According to the digital policy researcher, the success of these attacks is also largely determined by the digital illiteracy of the population, as a large portion of citizens do not have the proper information about them.
“These attacks are automated and do not discriminate against victims,” Xhaferaj told BIRN.
"This makes their complete prevention a challenge in itself, as automation, refinement and facilitation by artificial intelligence are advantageous against the low digital skills of the population," she added.
According to Xhaferaj, in order to prevent the negative consequences of these attacks in the future, continuous awareness campaigns are needed, both "offline" and "online", emphasizing that the post office does not require payments via SMS.
"It is very important that institutions use simple and understandable language to increase citizens' understanding," Xhaferaj told BIRN, adding that in addition, some technical measures to filter such SMSes can be implemented by mobile phones in cooperation with public institutions.
To raise citizens' awareness, the Albanian Post itself has continuously published announcements emphasizing that their institution never requests personal or banking data through SMS messages or unauthorized links.
"Our official communications are carried out only through the verified channels of our official website," the post writes in its next announcement.
"We strongly condemn any attempt to misuse the name of the Albanian Post and inform you that such cases are being followed up and reported to the relevant law enforcement institutions," the Albanian Post announcement concludes./BIRN
