The Sun (Lowell, Mass.) on how ‘Smishing’ is the latest con to get personal info:
Scam artists are always looking for other ways to elicit personal and financial information from unsuspecting individuals.
In the digital age, unscrupulous actors have turned to the Internet to pursue their crimes.
By now, we’ve all heard of phishing, one of the most common strategies used in online identity theft. It’s a fraudulent attempt to obtain a user’s sensitive information, such as usernames, passwords and credit card details in an electronic communication by purporting to be a trustworthy entity.
A popular iteration of this tactic, “smishing” or “Sms-phishing,” has emerged as a growing cyber threat. It’s a text-message based variation of the emailbased scams that have been around for many years.
Sms-phishing uses social engineering to leverage your trust, but unlike more traditional email-based scams, Sms-phishing utilizes text and mobile messaging services to defraud victims.
It’s an effective tool for cybercriminals because victims are often under the mistaken impression that their text messages provide more security than their emails . ... The latest mass “smishing” attack has its bullseye on the United States Postal Service . ...
According to the USPS, this emerging scam typically starts with a text message stating a package awaits delivery but lacks an address or tracking number. The recipient then receives a prompt to click on a link and enter personal details so the “package” can be delivered.
However, the link leads to a sophisticated — but fake — website mimicking the real USPS.
If victims input their information, scammers can use it for identity theft or sell it on the dark web. Individuals may also be tricked into paying a small “redelivery” fee, handing cash directly to scammers.
This scam’s effectiveness relies on sending an overwhelming number of texts to U.S. phone numbers. Whereas email phishing can be blocked, SMS messages reach phones instantly unfiltered . ...
While scammers are adept at disguising their USPS impersonation attempts, there are still key signs that can help recipients identify these fraudulent messages and websites:
• Be wary of unsolicited texts claiming to be from USPS. Legitimate USPS tracking updates are typically only sent if you’ve signed up to receive them. Unexpected texts should be treated as scams.
• Inspect links carefully before clicking. Check for misspellings or unusual domains compared to the real usps.com.
• Watch for urgent calls to action. Scams often have messages demanding quick response ...
• Verify legitimacy directly with USPS. Contact USPS customer service at 1-800-ASKUSPS to confirm it’s real. Don’t provide info or payment without verification.
If you’re deceived by one of these texts, take the following steps to limit the damage:
• Call the USPS customer service line at 1-800-ASK-USPS (1800-275-8777) to make them aware your information was compromised through a scam . ...
• Carefully check bank and credit card statements over the coming weeks and dispute any unauthorized charges . ...
• For any existing online accounts associated with the compromised email address or other information, change passwords immediately . ...
• Contact one of the three major credit rating bureaus to place a fraud alert on your name and personal information . ...
• File a report with the FTC and your local law enforcement about falling victim to this scam. Provide any details on the scam phone numbers, websites and payment information . ...
These steps can help mitigate the damage caused by providing information to USPS text scammers. But staying vigilant before clicking links or providing data is the best way to avoid becoming a victim.