I’ve been anxiously expecting a package from UPS. That’s why a text I received the other day caught my eye. Claiming to be from UPS, the message said that the carrier attempted to deliver the package on June 27, but the delivery couldn’t be completed. The date was one in which my wife and I were away, so this seemed legitimate at first glance.
Also: Got a suspicious E-ZPass text? Don’t click the link (and what to do if you already did)
However, I’ve written plenty of cybersecurity stories, and I keep abreast of the latest news in the world of cybercrime. I know that UPS scam messages have been making the rounds, especially at this time of year. Naturally, my spider sense started tingling even before I read the text itself. But after reviewing the message and checking out all the details, I realized this was clearly a scam.
Scammers like to schedule specific types of scams for certain times of the year. During tax season, you’ll see a lot of scams that spoof the IRS. During the holiday season, gift-card scams ramp up. And during the summer, missed-delivery scams are popular since the crooks know that people are often away on vacation.
How the UPS scam works
This particular UPS scam is a savvy one, at least in some ways. I received the message on my iPhone, with the sender labeled as unknown. By default, links in a text message from an unknown sender are disabled, so you can’t click on them to open them. But the scammer used a sneaky trick to get around this obstacle.
Also: Clicked on a phishing link? 7 steps to take immediately to protect your accounts
You’re instructed to reply to the message by typing Y. Doing so then turns the scammer into a known sender. Open the message again, and now the link is clickable. If that doesn’t work, another option is to copy and paste the link into Safari, where it takes you directly to the malicious website.
From there, the website prompts you to confirm your contact information if you want to get your package. That means your name, address, phone number, and sometimes a credit card or social security number. If you take the bait, the criminals now have all those sensitive details that they can use to steal your money or your identity.
How I can tell it’s a scam
Beyond a general awareness of these types of scams, what other clues tipped me off?
First was the sender’s email address. Rather than adopt an official UPS name or address, the scammer used a random handle and domain name that had no relation to UPS. The email address is easy enough to review. Always scrutinize it to see if it seems legitimate or related to the company.
Also: I clicked on four sneaky online scams on purpose – to show you how they work
Second, the message conveyed a sense of urgency — always a sign of malicious intent. In this case, the text told me that my package would be held by UPS for a mere three days before being sent back to the original sender. That’s a short timeframe without even an attempted redelivery, which UPS usually tries before sending the package back.
Third, emails or messages from UPS generally include a tracking number or other means of identifying the package. This message contained no specific details and was instead generic and vague, another sign of a scam.
How to protect yourself
Add all those signs together with an awareness of the current trends in cyber scams, and I knew this was clearly fraudulent. Aside from deducing the clues, how can you protect yourself from these types of scams?
- Never respond to a text message directly. Instead, launch a browser and open the website in question, in this case, the UPS site. Sign in with your account if you have one, and check for any recent messages or notifications. If you’re expecting a delivery, you should find the information about it on the site. You can also always call the company directly to investigate further.
- Never click on a link or attachment. Apple wisely disables links from unknown senders. But if you do ever receive a text or email with a link or attachment, never engage with it. Again, check the related website separately.
- Proofread the message. The text I received was well written, but many spam and scam messages contain typos and grammatical errors. Look for any misspellings or other mistakes.
- Check the company’s website for help. Many companies like UPS offer online advice on how to detect and avoid scams. The UPS page on “Protect Yourself From Fraud and Scams” looks at different types of frauds and how to combat them.
Also: That weird CAPTCHA could be a malware trap – here’s how to protect yourself
Get the morning’s top stories in your inbox each day with our Tech Today newsletter.
Source: Robotics - zdnet.com
