{"id":18736,"date":"2022-04-12T03:10:23","date_gmt":"2022-04-12T11:10:23","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2022\/04\/12\/news-12469\/"},"modified":"2022-04-12T03:10:23","modified_gmt":"2022-04-12T11:10:23","slug":"news-12469","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2022\/04\/12\/news-12469\/","title":{"rendered":"USPS &#8220;Your package could not be delivered&#8221; text is a smishing scam"},"content":{"rendered":"<p><strong>Credit to Author: Christopher Boyd| Date: Tue, 12 Apr 2022 10:37:35 +0000<\/strong><\/p>\n<p>A scam is doing the rounds which begins with a text from what claims to be the US Postal Service. The SMS reads as follows:<\/p>\n<blockquote class=\"wp-block-quote\">\n<p>&#8220;<em>[U.S. Postal Service] We\u2019re sorry to let you know that your package could not be delivered. To reschedule a delivery please visit [bit(dot)ly]<\/em>&#8220;<\/p>\n<\/blockquote>\n<p>I\u2019ve never received an SMS from the US Postal Service, but I have to imagine they don\u2019t use bit.ly redirect links in text messages. The bit.ly link hides the actual URL being sent to people\u2019s phones. You can view stats for a bit.ly link by placing &#8220;+&#8221; at the end of the URL. Detailed stats about the shortener\u2019s creation date, number of clicks, and more are available through this method. On this occasion, data is hidden with the message \u201cThis link has been flagged as redirecting to malicious or spam content\u201d.<\/p>\n<p>Clicking through reveals the following warning:<\/p>\n<ul>\n<li>The link may be listed on a website blocklisting service.<\/li>\n<li>The link may have been reported to Bitly by a member of the public.<\/li>\n<li>The link may contain malware (software designed to harm your computer), attempt to collect your personal information for nefarious purposes, or otherwise contain harmful and\/or illegal content.<\/li>\n<li>The link may be attempting to hide the final destination.<\/li>\n<li>The link may lead to a forgery of another website or may infringe the rights of others.<\/li>\n<\/ul>\n<p>Not a promising start for our missing package. Shall we take a look at the final destination?<\/p>\n<h2>Phishing for info<\/h2>\n<p>The actual landing page, located at us(dot)awaiting(dot)host, claims to be a USPS parcel tracking page. It says:<\/p>\n<blockquote class=\"wp-block-quote\">\n<p><em>USPS Currently Awaiting Package<br \/>Undeliverable as Addressed(UAA) Problem with Address<br \/>USPS Allows you to Redeliver your package to your address in case of delivery failure or any other case.<br \/>You can also track the package at any time, from shipment to delivery.<\/em><\/p>\n<\/blockquote>\n<p>It asks visitors to \u201cverify address\u201d, by filling in their name, address, city, state, ZIP code, phone number and email.<\/p>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large is-resized\"><img decoding=\"async\" data-attachment-id=\"55612\" data-permalink=\"https:\/\/blog.malwarebytes.com\/scams\/2022\/04\/usps-your-package-could-not-be-delivered-text-is-a-smishing-scam\/attachment\/fake-usps\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/04\/fake-usps.jpg\" data-orig-size=\"723,963\" data-comments-opened=\"0\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"fake-usps\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/04\/fake-usps-225x300.jpg\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/04\/fake-usps-450x600.jpg\" loading=\"lazy\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/04\/fake-usps-450x600.jpg\" alt=\"\" class=\"wp-image-55612\" width=\"450\" height=\"600\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/04\/fake-usps-450x600.jpg 450w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/04\/fake-usps-225x300.jpg 225w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/04\/fake-usps.jpg 723w\" sizes=\"auto, (max-width: 450px) 100vw, 450px\" \/><figcaption><em>Fake data entry form<\/em><\/figcaption><\/figure>\n<\/div>\n<p>Clicking Continue at this point would normally display a second page asking for payment information. At the time of writing, clicking continue triggers a .php URL and then redirects to the 3M science website. It\u2019s likely the data entered has been submitted to the phisher, but why didn\u2019t they ask for payment details too?<\/p>\n<h2>Forgetful phishers or long-haul social engineering?<\/h2>\n<p>Sometimes scammers simply forget to make sure their ruse sails smoothly from A to B. It may be that they\u2019re only actually interested in grabbing name and address information for now via the website. The logical progression would be to follow up by phone, mail, or post.<\/p>\n<p>It\u2019s also possible they realise they\u2019ve attracted some heat and are trying desperately to put the flames out. The site is flagged via the bit.ly link and produces warning pages in browsers such as TOR. The creators may figure it\u2019s not worth the potential risk of keeping payment detail requests online anymore &#8211; if they were there in the first place, that is.<\/p>\n<h2>The right way to arrange a redelivery<\/h2>\n<p>This is &#8220;basic parcel delivery information&#8221; as opposed security advice, but If you <em>do<\/em> use USPS, you\u2019ll want to head over to its <a href=\"https:\/\/faq.usps.com\/s\/topic\/0TOt00000004HGMGA2\/redelivery?tabset-44809=2\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">dedicated redelivery page<\/a>. It explains in detail what USPS customers should expect when waiting on a parcel, and what to do next.<\/p>\n<p>As for the security angle: Fake USPS delivery notification spam is a <a href=\"https:\/\/postaltimes.com\/postalnews\/beware-of-new-scam-using-usps-name-citing-delivery-on-hold\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">popular tactic<\/a> for scammers, and USPS&#8217;s recent advisory on the topic includes instructions on <a href=\"https:\/\/www.uspis.gov\/news\/scam-article\/smishing-package-tracking-text-scams\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">how to report<\/a> bogus SMS messages.<\/p>\n<p>No matter the delivery service, always pay attention to the URL on the landing page and ensure it matches up with the official site you\u2019re familiar with. It\u2019s no fun having your data harvested, even if they miss out on your payment details. There\u2019s no guarantee they won\u2019t follow up on such a thing at a later date, so it\u2019s well worth taking the time to get it right the first time around.<\/p>\n<p>Just over half of all smishing attacks in the last few months of 2021 in the UK alone <a href=\"https:\/\/www.dailyrecord.co.uk\/lifestyle\/money\/fake-delivery-text-scam-warning-25799302\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">claimed to be from delivery firms<\/a>. Even as the pandemic (sort of) recedes a little, this scam refuses to go away. Next time your receive a text about a package you have no memory of, it might be worth checking your most recent purchases before responding. If the parcel is real, it&#8217;ll still be there &#8211; unlike the fly-by-night scammers.<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/scams\/2022\/04\/usps-your-package-could-not-be-delivered-text-is-a-smishing-scam\/\">USPS &#8220;Your package could not be delivered&#8221; text is a smishing scam<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/scams\/2022\/04\/usps-your-package-could-not-be-delivered-text-is-a-smishing-scam\/\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Christopher Boyd| Date: Tue, 12 Apr 2022 10:37:35 +0000<\/strong><\/p>\n<p>We look at an SMS which claims you have a USPS redelivery needing to be rescheduled, and explain why it&#8217;s not what it seems.<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/scams\/2022\/04\/usps-your-package-could-not-be-delivered-text-is-a-smishing-scam\/\">USPS &#8220;Your package could not be delivered&#8221; text is a smishing scam<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[11539,16802,10511,3924,25665,3985,10574,11706,11931],"class_list":["post-18736","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-fake","tag-mail","tag-phish","tag-phishing","tag-redelivery","tag-scam","tag-scams","tag-sms","tag-usps"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/18736","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=18736"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/18736\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=18736"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=18736"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=18736"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}