Scam text alert: Click this and it will steal your login

USPS texting scam
© Fizkes | Dreamstime.com

Scammers have plenty of tools, often using sophisticated methods to steal hard-earned cash. But while some scammers are daring enough to call victims directly, others prefer a more hands-off approach.

One type of scam that’s getting more popular is malicious text messages. By tricking victims into clicking links sent through text or email, thieves can get their hands on personal and financial details that help them swindle you out of money.

Now, a clever scheme is making the rounds where scammers impersonate the U.S. Postal Service (USPS). Keep reading for details on this dangerous scam and a few ways to avoid falling victim.

Here’s the backstory

Kim recently received a text message that started with “USPS Postal Service,” which immediately grabbed her attention.

The text was seemingly helpful, telling her to ensure the USPS had the correct delivery address. A follow-up message contains a shortened link that looks like the tracking page for a package. The message is very convincing and looks official. So many people won’t think twice about clicking the link.

But do NOT click the link! It’s a scam.

The USPS recently warned about smishing text messages being sent to unsuspecting victims. Smishing is a form of phishing where criminals send texts or emails hoping to trick you into clicking a malicious link. But if you do, you’ll be handing over personal information that could lead to fraud or financial ruin.

Smishing texts are being sent to people across the U.S. claiming to be from the USPS.

According to the USPS warning, “The criminals want to receive personally identifiable information (PII) about the victim such as account usernames and passwords, Social Security number, date of birth, credit and debit card numbers, personal identification numbers (PINs), or other sensitive information. This information is used to carry out other crimes, such as financial fraud.”

In the latest round of smishing texts, criminals ask the recipient to click a link to verify their delivery address for a package. As you probably know, USPS offers a package tracking service, so this wouldn’t seem out of the ordinary.

But if you never signed up for a USPS tracking request for a specific package, don’t click the link! Sometimes you don’t even have to enter personal details for them to be stolen. Sophisticated software allows cybercriminals to grab details stored on your phone.

What you can do about it

The United States Postal Inspection Service (USPIS) previously warned about similar scams. The scam asks you to check or verify your current address for delivery, but while everything seems above board, the link leads to a malicious site that captures your login details.

Criminals then use your details to reroute packages to them.

“The Postal Service offers tools to track specific packages, but customers are required to either register online, or initiate a text message, and provide a tracking number,” the USPIS explains in a blog post.

Here are other ways that you can stay safe:

  • Remember that the USPS will not send you a package tracking text message or email without you first requesting the service. Also, an official tracking message will not contain a link. So if you didn’t initiate a tracking request for a specific package directly from USPS and it has a link, don’t click on it.
  • Never give out personal information if you don’t know the sender of a text or email or can’t verify their identity. Criminals only need your name, email address and telephone number to rip you off.
  • Don’t click on links or attachments you receive in unsolicited texts or emails.
  • If you need to track a package or change your delivery address, navigate to the USPS website through your browser without following links in unsolicited messages.
  • Always have a trusted antivirus program updated and running on all your devices. We recommend our sponsor, TotalAV. Right now, get an annual plan with TotalAV for only $19 at ProtectWithKim.com. That’s over 85% off the regular price!

Keep reading

Malware in the mail: Scammers are sending out fake Microsoft software

Phone scam alert: Couple conned out of $300K – Here’s what criminals said

Tags: cybercriminals, malware