Url looks suss. Seems kinda sophisticated for the usual ups fishing scam. Here’s the text message I got leading here.
“Wishing you a bright and sunny day!” Lol, I almost want to help this guy by explaining that UPS and American companies in general have disdain for their customers and would never wish them to have anything that would not benefit the company.
You must log in or # to comment.
your first clue was the link in the next - no shipper is going to miss having its branding in the url. the second if that the url it redirects to its obviously random bs and if you do a whois you see its def not owned by usps.
got a few of these phishing attempts myself over thanksgiving. holiday gift shopping season has begun, the scammers want to catch the less savy among us.
You clicked a random link from an sms message?
That’s a bold move, Cotton.
PSA you can check a bitly link without clicking it by using their link checker: https://support.bitly.com/hc/en-us/p/link-checker
TIL, ty
I think there’s now a generation gap between kids today and people who were routinely sent to tubgirl and goatse during the internet’s formal years.
If your URL is fucky, it’s a scam. If you clicked one, they’ll send you more.
Our parents couldn’t use computers properly, and now our kids can’t use them properly either.
That being said, I learned the hard way back in the golden age many, many times.
The good old days of Azureus and Limewire
This is 10000% a scam. That’s not the USPS url scheme. Plus, as a government entity, they’ll start correspondence through certified mail. Another question you could ask yourself is “Did I order any packages lately?” IF not, then more proof it’s a scam.
Yeah, scam. Ibthough that would be obvious, but if it’s not: that is a scam, and there are many like it
- 3rd party URL shortener, immediate red flag
- Non-USPS.com domain once you tapped it (which you shouldn’t have)
- National service sending from a South Carolina area code instead of a short code or a toll free number
- Does USPS even have your phone number tied to your delivery address?
That also doesn’t look anything like a USPS tracking number (which, if this were real, you’d probably already have). Pro-tip: USPS has “informed delivery” where they’ll send you an email every day with scans of your mail and any packages on their way to you. Which would give you another way to know that this isn’t real.
Yes, and usps is never going to text you. Be careful about what links you click. This link could have passed through tracking and flagged your number as someone who clicks their links. At the very least they know it’s an active phone number, and at worst they start targeting you more frequently (or sell a list to other people to target you).
This is why you shouldn’t ever respond, click on, interact with, or even read scam messages. Same goes for emails btw. Disable auto-loading images in emails since that is another way they can track active emails.
But, good job second guessing the message and asking about it. I mean it. Some scams rely on you not talking to anyone so it is good to ask others if you’re unsure/uncomfortable. This is especially true if someone tries to tell you not to talk to anyone else since that is a common practice scammers use as well and should be an instant red flag
usps is never going to text you.
Yes, though they might send you emails if you sign up for Informed Delivery: https://www.usps.com/manage/informed-delivery.htm
I’ve never used it, but it sounds like a great way to clear this up.
usps is never going to text you.
USPS will text you, but only for packages you explicitly request SMS tracking messages for, those texts will never contain a link to a website, and they will always come from a 6-digit short code, not a full phone number
How could you read that text and then click on link?
How could you not? Do you buy things so often that that happens a lot? Ignoring the grammatical error of in instead of on, are you actually expecting a package with that numberwhich is not a typical USPS tracking number
100% yeah. The browser URL doesn’t have ups in it.
Ups is not usps
An official company is not going to use an URL shortener.
That’s only used when you try to hide the URL, or if you think the user is going to type it out manually.
I seriously doubt USPS bought a domain like gflrml dot cyou for their business. It’s 300% a scam.
Reminds me of my previous bank.
They changed some system countrywide, so I got an email that I need to update some data and go to a website to do that.
If was something like “update-[bankname]-data-now.tld”.
It was sent to a unique mail address I used for them. But still though it was phishing.
Turns out: No. It was real. Whoever came up with the idea to not host that stuff on at least a subdomain of the bank really needs to get fired. and each and every manager who was part of the decision process.
Ugh. I work in the public sector and let me tell you, there are SO many companies that send the most dogiest, scammiest looking emails telling you to follow a link, only for it to turn out to be perfectly legitimate.
I honestly can see now why people end up falling for these things when even legitimate companies send emails looking just like phishing scammers
Had that happen, too. We all try to educate users to NOT click on some dubious phishing/scams and put in qute some effort to explain it over and over again, and then there are companies doing things like that. It’s just sad.
lol I have to go back to the bank (when there’s a manager, because there wasn’t last time🤦♀️), to turn online banking back on for my account.
It got turned off because I didn’t pick up some spam call they made.
The text message is the big red flag, that’s obviously a scam and has been happening for at least a year. Most scam texts are filtered on my phone, but a few of these slip thru.
I guess they’re just trying to tie phone numbers to addresses so they can sell the phone list for more info.
Especially with people keeping their cell number while moving states, tying an address to the number and verifying it’s that person would be a tidy profit.
Link shortener (not their own at least) is another massive red flag, same with typos (‘number number’ in page)
Unfortunately I can think of one company in particular that uses tinyurl when you sign up for shipping updates on their website (looking at you Samsung!).
At least with that one:
- you know you signed up for it
- they send a text right when you sign up for it
- they use an official short SMS (5 digit) number.
Also, is it common for a legitimate government agency to use a third-party link shortener like bitly?
You mean (uint32_t)-1 %
Kek you clicked that?
Look man, if you want to understand what’s going on there’s a really short (even for my ADHD) video right here:
The guy here explains exactly why not to do that - https://bitly.com/98K8eH
You laugh at someone clicking it then paste a URL shortener link…
The joke is always better when someone explains it.
I don’t even need to click taht to know his initials are R.A. :-)
They give you the package info. Just ignore their email and input that into the USPS address manually. Kind of like the FedEx and UPS scams. You don’t have to use their link to “check the status” of something. Go to the real site, enter number, see fake, ignore!
That number isn’t even anything like a tracking number for USPS.
Then no reason to even question the validity of the original message.
Be careful with this! Sometimes they use real tracking ids!
You can’t trust it even if the package exists.
It’s not about whether the tracking number is legit but whether that tracking number has anything to do with someone’s actual address or a package being sent to them. The status of the tracking number, if legit, should be enough to verify the contents of the original message. In my experience, when the address has been wrong, or input incorrectly, I’ll see some sort of message about difficulty with the address and how it set the address to something or requested information.
