A relatively new “smishing” attack (using SMS texts to gather personal information) is moving through the US, with the attackers posing as the United States Postal Service (USPS). There are many variants but they all ask for personal information and, most importantly, payment of a few dollars from a digital payment service.
One commonality to the texts is claiming they have insufficient address information. However, no consumer website will permit the completion of a sale unless all the blanks are filled out.
On the package tracking page of the USPS is a notification saying those texts should be deleted immediately. “If you get a text claiming to be from USPS about a package “awaiting action,” don’t click it: Delete it immediately. This is an attempt to steal your personal information.”
Many sources, one goal
Government agencies are not the only organizations that will be spoofed. Scammers can disguise themselves as banks or other company to lend legitimacy to their claims. Most legitimate sources will use 5-digit shortcodes as an identifier to send and receive an SMS to and from mobile phones. They will not provide links to any website or phone numbers to call
“The criminals want to receive personally identifiable information (PII) about the victim such as account usernames and passwords, Social Security number, date of birth, credit and debit card numbers, personal identification numbers (PINs), or other sensitive information. This information is used to carry out other crimes, such as financial fraud.”
Customers can access free tools to track specific packages but must register online, or initiate a text message, and provide a tracking number. The USPS will not send customers text messages or e-mails without a customer first requesting the service with a tracking number. Customers who do not request tracking requests for a specific package will not receive a text.
Lou Covey is the Chief Editor for Cyber Protection Magazine. In 50 years as a journalist he covered American politics, education, religious history, women’s fashion, music, marketing technology, renewable energy, semiconductors, avionics. He is currently focused on cybersecurity and artificial intelligence. He published a book on renewable energy policy in 2020 and is writing a second one on technology aptitude. He hosts the Crucial Tech podcast.