USPS Text Scam

Careful!

Be careful if you receive a text from USPS similar to this one. I’m always suspicious so when I received this text today I did some research.

I first did what you should always do, I went to the website in question, USPS.com, and did not click on their link. I searched “scams” but saw nothing to help. I then went to the trusty “Google” and simply searched, with an entire copy of the message.

It immediately brought up Global Learning Systems who had posted an article “USPS Phishing Scams: You’ve Got a Package … ‘On Hold’”. It says that this is a current scam, either Phishing[1] (email) or SMishing[2] (text). If you click on the link it will ask you to enter your name and address.

Then they will ask for a credit card and verification by date of birth and social security number. This is all done on what appears to be an official-looking screen complete with United States Postal Service (USPS) logos.

Global Learning Systems – How to Avoid Phishing Scams
  • Be aware. Often if you look closely at emails and text messages you will find that the sender’s email or text doesn’t match the sender at all. In some cases (especially in the USPS phishing scams) the email address is based in another country like the United Kingdom. Obviously, the United States Postal Service will not use an email address based in another country.
  • Beware of unsolicited communication. Calls, text messages, and/or emails received by any government agency should automatically put consumers on edge. Government agencies typically only reach out by mail, so it is a huge red flag if someone calls, emails, or texts you claiming to work for USPS, U.S. Customs and Border Protection, or any other government agency.
  • Never provide sensitive personal or financial information. Never provide sensitive information to a non-solicited caller. In the case of the U.S. Customs and Border Protection scams, cybercriminals claiming to be agents provided a name and badge number to gain the trust of the consumer. Do not fall for it! This is simply an attempt to gain your trust and should be ignored.
  • Update, update, update. Make sure you keep all of your hardware and software up to date with the latest security updates and patches as a standard safety precaution.
  • Report malicious activity. If you receive any correspondence concerning the scams listed in this article, take these actions:
    • Report correspondence claiming to be from the U.S. Customs and Border Protection to the Federal Trade Commission (FTC) at www.Reportfraud.ftc.gov.
    • For USPS phishing scams, all suspicious correspondence and notifications claiming to be from the USPS should be deleted.
    • Suspicious notifications claiming to be from the BBB should be reported at www.BBB.org/ScamTracker


Footnotes
  1. Phishing is a type of social engineering where an attacker sends a fraudulent (e.g., spoofed, fake, or otherwise deceptive) message designed to trick a person into revealing sensitive information to the attacker or to deploy malicious software on the victim’s infrastructure like ransomware. Phishing attacks have become increasingly sophisticated and often transparently mirror the site being targeted, allowing the attacker to observe everything while the victim is navigating the site, and transverse any additional security boundaries with the victim As of 2020, phishing is by far the most common attack performed by cyber criminals, the FBI’s Internet Crime Complaint Centre recording over twice as many incidents of phishing than any other type of computer crime. [Back]
  2. SMS phishing or smishing is conceptually similar to email phishing, except attackers use cell phone text messages to deliver the “bait”. Smishing attacks typically invite the user to click a link, call a phone number, or contact an email address provided by the attacker via SMS message. The victim is then invited to provide their private data; often, credentials to other websites or services. Furthermore, due to the nature of mobile browsers, URLs may not be fully displayed; this may make it more difficult to identify an illegitimate login page. As the mobile phone market is now saturated with smartphones which all have fast internet connectivity, a malicious link sent via SMS can yield the same result as it would if sent via email. Smishing messages may come from telephone numbers that are in a strange or unexpected format. [Back]

Further Reading


Sources

Global Learning Systems
Wikipedia


Author: Doyle

I was born in Atlanta, moved to Alpharetta at 4, lived there for 53 years and moved to Decatur in 2016. I've worked at such places as Richway, North Fulton Medical Center, Management Science America (Computer Tech/Project Manager) and Stacy's Compounding Pharmacy (Pharmacy Tech).

Leave a Reply

%d bloggers like this: