To phish, attackers use a text message that forces targeted individuals to take a specific action. This can include downloading malicious programs to the recipient’s phone or disclosing private information. A form of phishing called smishing involves this link in an enticing text message.
Most people don’t realize the risks of clicking links in text messages instead of receiving them as text messages. Most people also aren’t aware of the fact that their phones can receive text messages from any number on Earth. Have you ever encountered a “UPSPS package not delivered” notification? Attackers often make big bucks by sending SMS when trying to phish for sensitive information like credentials or financial data. To look more realistic, they usually choose a disguise of a familiar organization – like United States Parcel Service (USPS).
What is a USPS scam text ?
USPS scam text is one type of smishing in which scammers disguise themselves as the parcel service. This method of fraud involves unsolicited mobile text messages indicating that the delivery is waiting for your action, with an unrecognized web link to click on in the message body. Do not follow the link. This type of fraudulent campaign is a fraud called smishing. Below in this article, we provide some details about this USPS text message scam.
EXAMPLE of USPS scam text (USPS unable to deliver text):
USPS Currently Awaiting Package
Undeliverable as Addressed(UAA) Problem with Address
USPS Allows you to Redeliver your package to your address in case of delivery failure or any other case. Nowadays, users often come across scheduled delivery USPS text scams.
You can also track the package anytime, from shipment to delivery.
How Does the USPS Text Message Scam work?
The United States Postal Inspection Service (USPIS) warns people of an increased risk of smishing scams that use the US Postal Service as a facade. The USPS text fraud trick victims into downloading malware onto their phones or sharing personal information with the USPS package in the hopes of stealing victims’ identities or emptying bank accounts.
Soon after making a purchase online, the scammer obtains access to the victim’s device. They can then take advantage of the confusion caused by receiving a package quickly to collect personal information. This scam also works well on individuals who recently ordered a gift delivery.
How to report USPS related smishing:
If you have received USPS scam text, you can report it. To do USPS package-related smishing, email [email protected].
- Сopy the body of the suspicious text message and paste it into a new email without clicking on the web link.
- Enter your name in the email, and also add a screenshot of the text message showing the sender’s phone number and the date sent.
- Include any relevant details in your email.
- The Postal Inspection Service will contact you for more details.
Complaints of non-USPS related smishing can also be sent to any of the following law enforcement partners of the U.S. Postal Inspection Service:
- The Federal Bureau of Investigation’s (FBI), Internet Crime Complaint Center (IC3)
- The Federal Trade Commission.
The Right Way to Arrange a Redelivery
The USPS text scam recently warned the public about a popular scam involving fake mail notifications. They provide instructions on how to report bogus text messages sent by scammers. The first step to protecting yourself from data harvesting is to always double-check that the official site your data is being delivered to matches the URL you see on the landing page. Be careful with the USPS text message hack.
This way, you’re sure to catch any mistakes before they occur. No matter the delivery service, always pay attention to the URL on the landing page and ensure it matches up with the official site you’re familiar with. Failing to do so can lead to them following up on your data later with no guarantee that they won’t reap your information if they make a mistake.
What happens if i gave out my information like address and phone number but not credit card info?
Hello, Leslie!
Even having your address/personal number or similar “less critical” personal information, threat actors can impersonate you. Alternatively, you may start receiving numerous spam SMS. They will not be targeted, as crooks who phish such data usually sell it off in bundles to other rascals, but still unpleasant and annoying. And the more data crooks have – the higher are chances to receive a very convincing phishing mail, which will be extremely hard to distinguish from a legit one.
What happens if I did involve my credit card info but the purchase did not go through
There could be 2 different cases with different results.
When hackers offer you to pay for a fabricated invoice and send you a link to a legit payment system (e.g. PayPal) which contains invoice, only your money are at risk. In this case, crooks just try to make you pay for a thing you should not to. Once such a payment has failed, you are not losing anything. But I’d recommend you to block the sender and delete the message anyways.
The other situation involves a fake payment system page. It is relatively easy to make a copy of a legit payment system, and then make the victim visiting it “to pay off the bill”. Same as in the first case, bill is non-existent, but this time hackers also put their hands on your credit card info. As this copy is made and maintained by hackers, there’s no problem for them to extract what did you type in the fields on the site. If that is the case, you should reach your bank and ask to block and re-issue the card, so the info hackers have collected through such a phishing will be useless.