Scammers are a creative bunch, aren’t they? When so much information and money is up for grabs on the internet, it’s only natural that the most clever and resourceful criminals will get away with the biggest score.
Whether they’re tricking users into thinking they owe back taxes or developing fake ransomeware and sextortion emails, these cybercriminals truly put the “artist” in “con artist.” Tap or click here to learn why you shouldn’t panic when you get a sextortion email.
And now, another tricky scam is making its way to phones across America. By pretending to be delivery notifications for packages, these scam texts will steal your data and financial info if you’re not careful. If you get one of these texts, here’s why you’ll want to just hit “Delete.”
According to reports by ABC News and confirmed by several law enforcement sources, people across multiple states have received fraudulent text message delivery notifications claiming to be from FedEx. Tap or click to learn more about fake delivery notification email scams.
These messages include a realistic tracking code, as well as a link for users to click to “set delivery preferences.” Clicking this link redirects unsuspecting users to a malicious website that demands personal and financial information to “set up your profile.”
Once entered, the data is ultimately stolen by the scammers. This includes data like email addresses, payment information, street addresses, names and more. With that information, it becomes simple for hackers to assume your identity and make fraudulent charges or open accounts in your name.
To fight back against identity theft, we recommend our sponsor Identity Guard, which keeps track of your accounts and how they’re being used — no matter where they end up on the web. Get 33% off at IdentityGuard.com/Kim. Make sure to switch or sign up today and enjoy this amazing offer!
In a statement to ABC News, FedEx addressed the phenomenon and explained the difference between its notification approach and the scammers’:
FedEx does not send unsolicited text messages or emails to customers requesting money or package or personal information.”FedEX
The statement also explained FedEx is constantly monitoring for questionable activity and works closely with law enforcement to stay on top of fakes. If anyone receives suspicious messages via text or email, FedEx strongly suggests they delete it without opening the message and report it to [email protected]
Local law enforcement is also addressing civilians on the nature of this cyber scheme. Because the tracking numbers can look deceptively real, they’re advising users to be cautious by copying then pasting the tracking number into the official FedEx website to verify its authenticity.
SCAM 🚨 There is a new scam where you get a text with your name from Fedex (or another delivery service)and a tracking number. Do not click on the link. When in doubt about a tracking number go to the main website of the shipping company and search the tracking number yourself pic.twitter.com/EoG1C07OLf— Duxbury Police (@Duxbury_Police) January 21, 2020
I get text notifications for my packages! How can I spot the fakes?
Although we never recommend clicking on links you get in unusual text messages, it can be safe if you know where it’s coming from. The problem with these phishing emails is they pretend to be from a reputable source: FedEx.
But real text notifications from FedEx look quite different than the sample you see in the tweet above. Official FedEx notifications contain a single link to FedEx.com, and includes your tracking number in the link.
Clicking authentic links takes you to a landing page where all you’ll see is delivery status. No “on-site updating” or “profiles” required.
But following the scam link will land you on a page that looks very different from FedEx’s true site, and the URL won’t even properly match.
Here are some red flags that can clue you in to whether you’re dealing with a phishing scheme:
- The messages will appear urgent, and will impose arbitrary deadlines and time limits to get you to act fast.
- Abnormal requests for information, money, etc.
- Abnormal URLs like “fedextracker.ru” instead of “fedex.com.”
- Excessive spelling and grammatical errors, as well as an overuse of exclamation points.
As with most things cybersecurity, your safety is in your own hands. Knowing the lay of the battlefield is crucial for survival.