Beware: The USPS Smishing Scam

You’re going about your day, and suddenly, your phone buzzes with a new message notification. Excitedly, you check it, only to find a text from the USPS claiming there’s been a change in your package delivery schedule. They kindly ask you to click on a link to confirm. Seems harmless, right? Wrong! Hold on a moment before you tap that link. What you’re likely facing is a smishing scam, and here’s the lowdown on what you need to know to keep yourself safe.

What is a Smishing Scam?

A smishing scam is a type of cyber-attack where scammers use text messages (SMS) to deceive individuals into divulging sensitive information or downloading malware onto their devices. These messages often appear to be from legitimate sources, such as banks, government agencies, or delivery services like the USPS. The goal of smishing scams is typically to trick recipients into clicking on malicious links or providing personal information, which can then be used for identity theft, financial fraud, or other nefarious purposes.

How Does the USPS Smishing Scam Work?

Here’s how it works: unsuspecting individuals receive a text message typically stating “The USPS package has arrived at the warehouse and cannot be delivered due to incomplete address information. Please confirm your address in the link”. However, if you make the grave mistake of clicking on that link, you’re not confirming your information; you’re inviting malware onto your device. You’ve now granted the scammers unfettered access to your personal information and device. Some of these scams also ask for you to pay a nominal fee to update your information to complete the delivery. What was just a $1 fee that you thought nothing of has now given your bank account or card information to criminals who won’t hesitate to clean you out.

Stay one step ahead by remembering this vital piece of information: the USPS never sends unsolicited text messages regarding package deliveries. So, if you find yourself receiving such a message without having signed up for delivery alerts, it’s a clear indication of a scam.

What to Do If You’re Targeted

If you ever find yourself in the crosshairs of a smishing scam, here’s what you should do:

1. Confirm the Sender: Before taking any action, verify the sender's identity. Reach out to the USPS directly to inquire about any potential changes in your delivery schedule.
2. Exercise Caution: Resist the urge to engage with the sender or click on any links within the message.
3. Document and Delete: Take a screenshot of the suspicious text for evidence, then promptly delete the message from your device.
4. Enhance Security: Block the sender's number and reinforce the security measures on your device to prevent any further incursions.
5. Guard Your Information: Never divulge sensitive personal information to unverified sources, regardless of the pretext.
6. Cancel your card: If you did click on the link and provided your card number you will want to cancel the card and contact your financial institution to issue you a new one to prevent any unauthorized access to your money.

Reporting the Scam

Playing your part in thwarting scammers is crucial. Here’s how you can report the scam:

• Email: Send a screenshot of the fraudulent text to spam@uspis.gov, ensuring that it includes the sender’s number and the date it was received. Provide your name and any pertinent details about the scam in the email.
• FTC Complaints: Lodge a complaint with the Federal Trade Commission (FTC) through their website, FTC.gov.
• Contact Your Credit Union or Bank: You can add an alert to your account or cancel your debit or credit card that you used to “confirm package delivery” so you don’t end up having your account drained by the scammer. If you are a current member of FAFCU you can contact us via email, live chat, text or by calling 231-879-4154 for help.

Stay Vigilant, Stay Safe

In a world teeming with digital threats, vigilance is your best defense. By staying informed and exercising caution, you can navigate the murky waters of online scams unscathed. Remember, a single click can have far-reaching consequences, so think before you tap. Stay alert, stay informed, and most importantly, stay safe! At Forest Area Federal Credit Union we keep up with modern scams and inform our members via our newsletter as well as in our online security center which includes fraud awareness and protection and identity theft.

Here are some extra steps you can take to bolster your defenses against smishing scams:

1. Educate Your Circle: Share information about smishing scams with friends and family to ensure they’re also aware and vigilant.
2. Enable Two-Factor Authentication (2FA): Utilize 2FA wherever possible to add an extra layer of security to your accounts.
3. Install Security Software: Consider installing reputable antivirus and anti-malware software on your devices to detect and thwart potential threats.
4. Regularly Update Software: Keep your device’s operating system and applications up to date to patch security vulnerabilities.
5. Use Trusted Sources: Only download apps and software from official app stores or reputable websites to minimize the risk of downloading malware.
6. Stay Informed: Keep abreast of the latest scam tactics and cybersecurity best practices by following reputable sources online.

In the ever-evolving landscape of cyber threats, it’s essential to remain vigilant and proactive in safeguarding your digital identity and personal information. By arming yourself with knowledge and implementing robust security measures, you can thwart the efforts of scammers and protect yourself from falling victim to smishing and other fraudulent schemes. Remember, when it comes to your online safety, caution is your greatest ally. Stay safe, stay informed, and stay one step ahead of the scammers.