You’re going about you day and a text comes in… It’s from USPS and they need to verify some information or your package won’t be delivered. Considering e-commerce sales increased by 43% in 2020, it’s probably not out of the ordinary to have a package on its way to your doorstep. If you ever receive texts like this, DON’T CLICK THAT LINK!
Messages like this are called Smishing. Smishing is a type of scam in which criminals send an SMS (text message) to a victim pretending to be some institution, such as a bank or a company, in order to steal personal information. The word “smishing” is a combination of the terms SMS (short for “short message services”) and “phishing”. The text may look authentic, and these scammers often try to disguise themselves as legitimate companies to mask their attempt to deceive you and lure you into providing personal or financial information.
USPS isn’t the only delivery service scammers are impersonating - watch out for texts that appear to be from UPS, FedEx or any other local delivery service. If you never signed up for any of their tracking services, then DON’T CLICK THAT LINK! In fact, while the US Postal Service offers tools to track specific packages, customers are required to either register online or initiate a text to USPS with your provided tracking number. USPS will not send customers text messages or e-mails without a customer having requested the tracking service. More importantly, their message WILL NOT CONTAIN A LINK, even if you did initiate the request!
Remember, legitimate companies will not ask you to provide personal information. As your financial institution, we will also never send you text messages, emails or call you and ask for your personal information.
So, what should you do? Here are some steps you can take to protect your information:
- STOP AND THINK: First and foremost, do not interact with the message. If you click a link or attachment in a spam message, it could trigger malware that infects your phone, take you to fake websites that look real, and steal your information. Scammers rely on a sense of urgency to get you to react quickly. A sure sign of a scam is a message telling you time is running out, contains threats of severe consequences or failure of delivery. Verify the identity of the sender and take the time to ask yourself why the sender is asking for you information.
- DON’T RESPOND: You also don't want to respond. Many legitimate robotexts include an option to text STOP to tell the company to remove you from their distribution list. These will typically come immediately after signing up for text alert service, but that doesn't work with scammers. If you receive a text from an unknown sender, don’t reply at all, and definitely don’t click on links provided in text messages. In fact, by responding to a spam message, you're only confirming to the scammer that your number is valid. Instead, block unwanted messages without replying, and delete it if your phone doesn’t do that automatically.
- CONTACT TRUSTED PARTIES DIRECTLY: If you are being asked to verify any information, do not click the links provided, or give your information to the party who called. Instead hang up and contact that company, or go online directly to the company’s website to verify your information. Most online shopping services provide you with tracking links in your accounts or order notifications. Use those to track your packages instead.
- REPORT: Contact the bank, government agency, or company that the scam artist is impersonating so it can alert others and work with law enforcement to investigate the activity.
- BLOCK SPAM MESSAGES: Call your carrier’s customer service number (usually 611) and instruct them to “Block all text messages sent to you as email” and “Block all multimedia messages sent to you as email.” You also might be able to log into your account and activate these blocks there.
- PROTECT YOUR PERSONAL INFORMATION: Your Social Security number, credit card numbers, and other personally identifiable information can be used to steal your money or open new accounts in your name without your knowledge or approval.
- KEEP DEVICES SECURE: Use the same safety and security practices on your cell phone as you do on your computer by keeping your software up-to-date. Phone operating systems such as Android and iOS regularly receive patches designed to close up security holes, so neglecting to install updates can leave you vulnerable to cyberattacks. Make sure all your apps are kept up to date as well.
You can report complaints of scams directly to the United States Postal Inspection Service at email@example.com.
Complaints of non-USPS related smishing can also be sent to any of the following law enforcement partners of the U.S. Postal Inspection Service: