The (Lowell, Mass.) Sun on how ‘Smishing’ is the latest con by cybercrooks to get personal info:
Scam artists are always looking for other ways to elicit personal and financial information from unsuspecting individuals.
In the digital age, unscrupulous actors have turned to the Internet to pursue their cybercrimes.
By now, we’ve all heard of phishing, one of the most common strategies used in online identity theft. It’s a fraudulent attempt to obtain a user’s sensitive information, such as usernames, passwords and credit card details in an electronic communication by purporting to be a trustworthy entity.
A popular iteration of this tactic, “smishing” or “Sms-phishing,” has emerged as a growing cyber threat. It’s a text-message based variation of the emailbased scams that have been around for many years.
Sms-phishing uses social engineering to leverage your trust, but unlike more traditional email-based scams, Sms-phishing utilizes text and mobile messaging services such as Whatsapp and imessage to defraud victims.
It’s an effective tool for cybercriminals because victims are often under the mistaken impression that their text messages provide more security than their emails. That’s a dangerous miscalculation and one that fraudsters will use to their advantage.
The latest mass “smishing” attack has its bullseye on the United States Postal Service.
As one of the largest postal systems in the world, the USPS ... handles millions of ... deliveries each day. Scammers have now tried to exploit the public’s trust in the postal service by sending fake texts . ...
According to the USPS, this emerging scam typically starts with a text message stating a package awaits delivery but lacks an address or tracking number. The recipient then receives a prompt to click on a link and enter ... details so the “package” can be delivered.
However, the link leads to a sophisticated — but fake — website mimicking the real USPS.
If victims input their information, scammers can use it for identity theft or sell it on the dark web. Individuals may also be tricked into paying a small “redelivery” fee, handing cash directly to scammers.
This scam’s effectiveness relies on sending an overwhelming number of texts to U.S. phone numbers. Whereas email phishing can be blocked, SMS messages reach phones instantly unfiltered. Automated bots can blast thousands of fraudulent USPS alerts per hour . ...
Even if only a small percentage of recipients fall for this ruse, the sheer volume of messages sent will reap huge benefits for scammers. Moreover, hiding behind disposable numbers provides scammers virtual anonymity. Victims wrongly assume the texts are legitimate because they come from verified USPS branding.
While texts initiate the scam, the fraudulent USPS websites complete the deception . ...
Staying vigilant before clicking links or providing data is the best way to avoid becoming a victim.