Url looks suss. Seems kinda sophisticated for the usual ups fishing scam. Here’s the text message I got leading here.
“Wishing you a bright and sunny day!” Lol, I almost want to help this guy by explaining that UPS and American companies in general have disdain for their customers and would never wish them to have anything that would not benefit the company.
You must log in or register to comment.
Very well known scam. Some details that give it away:
(1) They used a url shortener that doesn’t let you see the actual domain. (bit.ly)
(2) Website domain is not legitimate.
USPS’s website is usps.com. If the URL doesn’t end in usps.com (meaning usps.fakewebsite.com is still fake) then it’s not legitimate.
(3) Tone: The USPS doesn’t text you like you’re their friend.
(4) The number they’re texting you from is not an SMS short code number (usually 5 digits). Instead you’re getting a text from a 10 digit number with an area code, which means it’s a person/individual rather than an application or service.
source: used to work as cyber sec analyst
(5) grammatical error(s): “We will ship again in” instead of “we will ship again on”
Edit: more subtle errors and phrasing that feels like it was written by a non-native English speaker.
Yeah the first bullet copy with the comma and wrong preposition is clearly unprofessional. These scams always use poor contrasting red warning text as well.
You’re absolutely right, of couse, but keep in mind that communications is still mostly done by people and people are generally fucking stupid.
I’ll add how is it that they could not know the address of the recipient, yet would know their phone number?
Either the recipient is totally unknown or they know the address. The last thing they would know about a recipient is the phone number.
That’s interesting I didn’t think about that fourth point, but whenever I get a verification SMS it does always come from a 5 digit number.
Why the fuck did you click a link like that in the first place? That first message is basically screaming at you that it’s a phishing attempt.
Best opsec is to delete and block, ideally without opening it at all to avoid read receipts (if that’s a function in your phone). If you think it might be legit, go to the website on your own and find a way to confirm independently. If that’s still too much to follow through with, at the very least don’t click random links sent to you unprompted.
Could someone educate me on the possible damage clicking a link can bring, assuming I’m not interacting with the website any more than that?
Not doubting there’s damage, just curious. I’d think they’d get some maybe usable info from fingerprinting or something? Could javascripts lead to more serious problems?
If you do nothing but click the link and then close the resulting website without clicking anything else, all that will happen is that they’ll know you’re someone who clicks such links and you’re likely to get more of them.
I got one of these today too.
Something tells me the USPS wouldn’t be using bit.ly.
I think there’s now a generation gap between kids today and people who were routinely sent to tubgirl and goatse during the internet’s formal years.
If your URL is fucky, it’s a scam. If you clicked one, they’ll send you more.
Our parents couldn’t use computers properly, and now our kids can’t use them properly either.
That being said, I learned the hard way back in the golden age many, many times.
The good old days of Azureus and Limewire
- 3rd party URL shortener, immediate red flag
- Non-USPS.com domain once you tapped it (which you shouldn’t have)
- National service sending from a South Carolina area code instead of a short code or a toll free number
- Does USPS even have your phone number tied to your delivery address?
That also doesn’t look anything like a USPS tracking number (which, if this were real, you’d probably already have). Pro-tip: USPS has “informed delivery” where they’ll send you an email every day with scans of your mail and any packages on their way to you. Which would give you another way to know that this isn’t real.
Look at the URL. Of course it’s a scam.
PSA you can check a bitly link without clicking it by using their link checker: https://support.bitly.com/hc/en-us/p/link-checker
TIL, ty
This is 10000% a scam. That’s not the USPS url scheme. Plus, as a government entity, they’ll start correspondence through certified mail. Another question you could ask yourself is “Did I order any packages lately?” IF not, then more proof it’s a scam.
Aside from all of the red flags already listed in other comments…are you even expecting a package to be delivered? I almost never receive a package that I don’t expect
One thing to note, aside from all the other inconsistencies, that tracking number does not follow the standard tracking number format for a USPS package. The USPS website describes their different tracking numbers for their different services in the FAQ at the bottom of their tracking page. https://tools.usps.com/go/TrackConfirmAction_input
They give you the package info. Just ignore their email and input that into the USPS address manually. Kind of like the FedEx and UPS scams. You don’t have to use their link to “check the status” of something. Go to the real site, enter number, see fake, ignore!
Look at the domain name in the url. Not legit
Yeah, scam. Ibthough that would be obvious, but if it’s not: that is a scam, and there are many like it
Kek you clicked that?
Look man, if you want to understand what’s going on there’s a really short (even for my ADHD) video right here:
The guy here explains exactly why not to do that - https://bitly.com/98K8eH
You laugh at someone clicking it then paste a URL shortener link…
The joke is always better when someone explains it.
100% scam
