Url looks suss. Seems kinda sophisticated for the usual ups fishing scam. Here’s the text message I got leading here.
“Wishing you a bright and sunny day!” Lol, I almost want to help this guy by explaining that UPS and American companies in general have disdain for their customers and would never wish them to have anything that would not benefit the company.
You must log in or register to comment.
flip the question around: Why would you think this wasn’t a scam?
Furthermore, wtf did they GO TO THE URL FROM A TEXT MESSAGE at all?! 🤦🏽♂️
FFS, people. There’s “I need help with my computer” and then there’s “Some of us shouldn’t have a smartphone”. 🫶🏼
tbf, it could be sandboxed and safe. I doubt it is, OP doesn’t seem the type, but it could be.
deleted by creator
Even just opening the link can leak info - I would avoid doing so entirely unless your device is sandboxed
deleted by creator
Very well known scam. Some details that give it away:
(1) They used a url shortener that doesn’t let you see the actual domain. (bit.ly)
(2) Website domain is not legitimate.
USPS’s website is usps.com. If the URL doesn’t end in usps.com (meaning usps.fakewebsite.com is still fake) then it’s not legitimate.
(3) Tone: The USPS doesn’t text you like you’re their friend.
(4) The number they’re texting you from is not an SMS short code number (usually 5 digits). Instead you’re getting a text from a 10 digit number with an area code, which means it’s a person/individual rather than an application or service.
source: used to work as cyber sec analyst
(5) grammatical error(s): “We will ship again in” instead of “we will ship again on”
Edit: more subtle errors and phrasing that feels like it was written by a non-native English speaker.
(6) USPS tracking numbers are like 65 digits long, because they expect to track every hydrogen atom in the known universe individually.
Yeah the first bullet copy with the comma and wrong preposition is clearly unprofessional. These scams always use poor contrasting red warning text as well.
I heard a theory that they put mistakes in intentionally to filter for dumb people.
Doubt that’s true, but it’s a funny idea.
You’re absolutely right, of couse, but keep in mind that communications is still mostly done by people and people are generally fucking stupid.
I’ll add how is it that they could not know the address of the recipient, yet would know their phone number?
Either the recipient is totally unknown or they know the address. The last thing they would know about a recipient is the phone number.
That’s interesting I didn’t think about that fourth point, but whenever I get a verification SMS it does always come from a 5 digit number.
Why the fuck did you click a link like that in the first place? That first message is basically screaming at you that it’s a phishing attempt.
Best opsec is to delete and block, ideally without opening it at all to avoid read receipts (if that’s a function in your phone). If you think it might be legit, go to the website on your own and find a way to confirm independently. If that’s still too much to follow through with, at the very least don’t click random links sent to you unprompted.
You clicked a random link from an sms message?
That’s a bold move, Cotton.
Look at the URL. Of course it’s a scam.
- 3rd party URL shortener, immediate red flag
- Non-USPS.com domain once you tapped it (which you shouldn’t have)
- National service sending from a South Carolina area code instead of a short code or a toll free number
- Does USPS even have your phone number tied to your delivery address?
That also doesn’t look anything like a USPS tracking number (which, if this were real, you’d probably already have). Pro-tip: USPS has “informed delivery” where they’ll send you an email every day with scans of your mail and any packages on their way to you. Which would give you another way to know that this isn’t real.
PSA you can check a bitly link without clicking it by using their link checker: https://support.bitly.com/hc/en-us/p/link-checker
TIL, ty
This is 10000% a scam. That’s not the USPS url scheme. Plus, as a government entity, they’ll start correspondence through certified mail. Another question you could ask yourself is “Did I order any packages lately?” IF not, then more proof it’s a scam.
I get emails from usps all the time, they have a service to alert you of mail and packages arriving. Though, they dont SMS, and wouldnt be using a bit.ly url.
Aside from all of the red flags already listed in other comments…are you even expecting a package to be delivered? I almost never receive a package that I don’t expect
Yes.
100% scam
One thing to note, aside from all the other inconsistencies, that tracking number does not follow the standard tracking number format for a USPS package. The USPS website describes their different tracking numbers for their different services in the FAQ at the bottom of their tracking page. https://tools.usps.com/go/TrackConfirmAction_input
Go to the official UPS website (do not click that link, google it) and enter your tracking number.
If you don’t have a tracking number it means you didn’t order anything, and it’s certainly a scam.This is usps, not ups, but everything else is accurate.
Always check the real site without using a link to get there.
They give you the package info. Just ignore their email and input that into the USPS address manually. Kind of like the FedEx and UPS scams. You don’t have to use their link to “check the status” of something. Go to the real site, enter number, see fake, ignore!
Be careful with this! Sometimes they use real tracking ids!
You can’t trust it even if the package exists.
It’s not about whether the tracking number is legit but whether that tracking number has anything to do with someone’s actual address or a package being sent to them. The status of the tracking number, if legit, should be enough to verify the contents of the original message. In my experience, when the address has been wrong, or input incorrectly, I’ll see some sort of message about difficulty with the address and how it set the address to something or requested information.
Look at the domain name in the url. Not legit
100% scam
