The holidays are almost here, and am I getting tons of festive greeting cards? No, I am not, because most people just text or email. Am I getting festive texts from loved ones? Nope again!
I am getting the USPS package delivery scams that are going around, and you probably are, too.
Image of package delivery smishing text scam. Courtesy image
These text scams are a kind of phishing known as "smishing". What is smishing? Smishing is a form of phishing that involves a text message or phone number. Victims will typically receive a deceptive text message intended to lure the recipient into providing their personal or financial information. These scammers often attempt to disguise themselves as a government agency, bank, or other company to lend legitimacy to their claims. In this case they are impersonating the US Postal Service.
A few things stood out to me that this is a phish:
Do not reply to these, or interact with any links. You can just click the "report junk" at the bottom of the text message to report it to Apple as junk, and if you want you can also block the sender (reporting junk just lets Apple know it is sketchy and doesn't block). Just click on the circle with contact info at the top of the message, and you'll be taken to the contact info screen, below.
Image of scammy number contact info. Courtesy image
From the above screen, select the "info" icon at the top.
How to block in iOS. Courtesy image
And then just select the block option, and the contact number is blocked.
To block in Android:
To block a contact on an Android phone, open the "Phone" app, navigate to the contact you want to block, then long-press on their number and select "Block" or "Block number" from the menu that appears; you can also access blocking options through the "Settings" within the Phone app and add numbers to the blocked list there.
Sadly blocking one number won't necessarily be helpful as you will likely get more texts with the same scam from different numbers, but it's always an option.
To report USPS related smishing, send an email to [email protected] (not a typo, this goes to the USPS Inspection Service).
Never interact with these messages, just ignore and delete or report them to the USPS. If you aren't sure if a message is legitimate always go directly to the company's website, never click on a suspicious link.
Stay safe online, watch out for scams and don't click those links!
Editor's note: Rebecca Rutherford works in information technology at Los Alamos National Laboratory.