Monday, October 16, 2023

PHISHING- Package Scammers Spoofing the US Postal Service

Package scams are a long-time tactic by scammers to collect personal information. Recent reporting by Krebs on Security shows an increase in scammers targeting US Postal Service (USPS) customers. Typically, you receive an email or a text message that says that the USPS could not deliver a package for some reason. A sample of a phishing (smishing) text message shows how real looking the scammers can design their messages:

 

 


 

 

Generally, the USPS does not send messages to citizens telling them that they have a package that they cannot deliver and asking for updated address information. The only time the USPS will email/text you is when you have signed up for a service such as holding your mail or subscribing to their Informed Delivery Service. But with the logo, this text message looks real enough that you might click on the link.

Krebs on Security points out that the link takes you to a phishing domain, usps.informedtrck[.]com. The Postal Service does not insert a word between “usps” and “.com” in its web addresses.

Phishing/smishing scams can be used in many contexts with scammers pretending to be from your local utility, your bank, a well know business, or a government entity. Taking a few moments to inspect your emails and texts before taking any action on them will save you grief in the future. Look for the following signs,

 

·         An urgent or emotional language designed to get you to act quickly.

·         A request for your personal or financial information, often to “update” or “verify” the sender’s database.

·         Incorrect email addresses or links. A good example is using amazan[.]com for amazon.com.

·         Bad grammar. This is not 100%, scammers are getting better with their English. But bad grammar shows that the writer is not as proficient in English.

 

If you detect an email or text that you think is suspicious, report it to the real business or governmental entity being impersonated, and/or to the provider of your email or text messaging service.

Then delete the email so that you won’t click on any links be mistake.

A good way to track your mail, including packages, is to sign up for Informed Delivery from the Postal Service. Every day, the USPS will send you an email with a listing of mail and packages coming to your mailbox in the next day or so. You can sign up for this service at https://www.usps.com/manage/informed-delivery.htm.

Phishing and smishing are major tactics scammers use to collect personal information and sometimes money from the average consumer. It is also a major tool to target businesses to steal funds, insert malware for intelligence, or to insert ransomware.

 

 

Krebs on Security:

https://krebsonsecurity.com/2023/10/phishers-spoof-usps-12-other-natl-postal-services/

 

Verify:

https://www.verifythis.com/article/news/verify/scams-verify/unsolicited-usps-texts-about-undelivered-packages-are-scams/536-fce7bc60-b3d1-4c8e-8fec-69ba6fd33538?fbclid=IwAR2dI_cB_GY-cxmD01kJUdx7LLzzsUo_bysO5P-qG5jCift_dbhmmcLyWzM

 

United States Postal Inspection Service:

https://www.uspis.gov/news/scam-article/smishing-package-tracking-text-scams#:~:text=Have%20you%20received%20unsolicited%20mobile,is%20a%20scam%20called%20smishing.

 

AARP:

https://www.aarp.org/money/scams-fraud/info-2019/package.html?intcmp=AE-FWN-LIB3-POS6

 

 

 

 

No comments:

Post a Comment