Text Phishing: Be on the Lookout for USPS Scam Texts

by Nick Marshall

By now, you likely know to watch out for suspicious phishing emails and over-the-top phone scams, but there’s a new scam on the block.  “Smishing,” or SMS phishing, is on the rise, and one of the most common versions is the fake USPS scam text.  

Fraudsters are using SMS to access the data stored on their victims’ phones and it’s becoming increasingly frequent, contributing to 241,342 cases of online fraud in 2020 alone.  Here’s how to spot a USPS scam text and protect your personal information.  

How USPS Scam Texts Work

As the name suggests, the USPS Scam involves a seemingly authentic SMS from the U.S. Postal Service in relation to a package that is currently in transit, asking the recipient to click on a link.  It may ask the user to confirm tracking information, supply more details or take a required action to resolve a missed delivery.  

The actual aim is to install malware on the user’s phone in order to steal personally identifiable information (PII), such as passwords, Social Security numbers or bank details.  Alternatively, clicking on the link may take the user to a spoof website that requires logging in, revealing their username and password in the process.  

Why USPS Scams Are So Effective

With SMS open rates still remarkably high — 99% compared to around 30% for email — scammers know that many victims (seniors in particular) have yet to associate text messages with fraud.  In that context, messages that appear to come from familiar sources, such as banks and government agencies, are unlikely to be treated as suspicious.  And where trust is concerned, no company tops USPS.  The Postal Service is consistently named the most trusted brand in the U.S.  

How To Spot Them

Just as many people presented with a “Do Not Touch” button can’t resist pressing it, victims who have neither sent nor are expecting a package often can’t stop themselves from finding out where it has got to.  Regular USPS users will know, however, that the Postal Service will never send a message that contains a link, and that you have to register with the service first to get a tracking link.  In short, no authentic SMS from USPS will ever be unsolicited, and it certainly won’t be introduced with the word “Urgent,” another common giveaway.  

You can also use a reverse phone lookup tool like Spokeo in an attempt to understand who has sent the text message.  Note that text messages sent by businesses usually come from phone numbers that contain fewer than ten digits.  If the text message is coming from a ten-digit number, you may be dealing with a scammer.  
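For readers who filter or triage reported texts, the warning signs above can be written as a simple check. This is an added example, not code from the article or from USPS; the function names, the `solicited` flag, and the sample senders and messages are constructed for illustration.

```python
import re

# Link forms: explicit scheme, www. prefix, or bare domain followed by a path.
LINK_RE = re.compile(r"https?://\S+|www\.\S+|\b[\w-]+(?:\.[\w-]+)+/\S*", re.I)
USPS_RE = re.compile(r"\b(usps|u\.s\. postal service|postal service)\b", re.I)
URGENT_RE = re.compile(r"\burgent\b", re.I)


def sender_digits(sender: str) -> str:
    """Strip formatting and a leading US country code from a sender ID."""
    digits = re.sub(r"\D", "", sender)
    if len(digits) == 11 and digits.startswith("1"):
        digits = digits[1:]
    return digits


def usps_smishing_indicators(sender: str, body: str, solicited: bool = False) -> list:
    """Return the article's warning signs found in one SMS that claims to be USPS.

    `solicited` is an assumed flag: True only if the recipient registered
    for tracking texts for this package.
    """
    if not USPS_RE.search(body):
        return []  # not USPS-themed, so outside the scope of this check
    found = []
    if LINK_RE.search(body):
        found.append("contains_link")
    if URGENT_RE.search(body):
        found.append("urgent_wording")
    if len(sender_digits(sender)) == 10:  # businesses usually use shorter numbers
        found.append("ten_digit_sender")
    if not solicited:
        found.append("unsolicited")
    return found


# Constructed sample messages (not real traffic).
SAMPLES = [
    ("+1 (555) 010-0123", "USPS: Urgent - package on hold. Confirm: http://usps-redelivery.example/track", False),
    ("5550100199", "Postal Service notice: missed delivery, see usps-help.example/redeliver", False),
    ("12345", "USPS 9400100000000000000000 Expected delivery Monday", True),
]

if __name__ == "__main__":
    for sender, body, solicited in SAMPLES:
        print(sender, usps_smishing_indicators(sender, body, solicited))
```

A message that trips several indicators is a candidate for blocking and reporting. An empty result only means none of these particular signs were present.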

Learn how to spot four more common text scams.

What To Do Next

The best strategy is to ignore the SMS, but it’s worth blocking the number and reporting the sender to USPS using spam@uspis.gov.  That at least means you are less likely to receive further attempts in the future.  Above all, do not click on the link.  Malware could run in the background without you realizing any change until it’s too late.  

If you have accidentally clicked on the link and believe your phone is compromised, put your device in airplane mode to shut off its Wi-Fi connection and scan your system for malware.  Change your passwords for your most sensitive accounts (bank, PayPal, etc.) and consider filing a fraud alert with one of the three main credit reporting agencies to stop anyone using your accounts to obtain credit lines.  

With Spokeo’s suite of tools for protecting your online activity, you can take a proactive approach to keeping your data safe.  Our reverse phone lookup tool can help you verify where text messages are coming from and our dark web monitoring service can help alert you to any potential further damage should your information become compromised by a data breach or unscrupulous scammer.