With the upcoming holiday season, millions of Americans are taking this year's gift shopping online. Criminals know there's a great chance you might be waiting on a package and are ready to take advantage.
UPS recently put out a statement warning their customers about scammers that are sending out text messages impersonating them in an effort to gain access to your phone, private information, and eventually bank accounts.
The Federal Trade Commision (FTC) reported that in 2021 alone, over $131 million was lost to package delivery text message scams.
Making sure you are aware of the signs of these scams is vital to protecting yourself from falling victim.
UPS has uploaded several examples of fraudulent text messages to their website - let's take a look at some so we can learn about the red flags.
Here are some examples of typical fake UPS text messages:
You can see here that the messages are written extremely informally, with a lack of detail about your package, and none of the website links are to the official UPS website (UPS official URLs are ‘ups.com’ and ‘upsemail.com’).
If you do click on a link sent in one of these UPS scam text messages, one of three things could happen: (We do not recommend clicking on the links)
1. PHISHING METHOD: You will be taken to a fake UPS website asking you to verify various information before “continuing the delivery process”. They usually ask for personally identifying information such as your name, phone number, address, Social Security number (SSN) or your credit card number. This information can then be used either to steal your identity or hack into your various accounts.
(Example of fake UPS website)
2. PAY RELEASE FEE: In this scenario, the scam URL will open and you will be asked to pay a fee, claiming you owe customs charges, in order to “release your package for delivery”. They will have you input your credit card information or have you pay in unordinary ways such as gift cards, wire transfers, or with cryptocurrency.
3. MALWARE: These kinds of links, once clicked on, will start downloading malware on your device - After the malware is downloaded the scammer can use it to find personal information on your device, like log into your bank account. They can also manually lock your device and demand payment in order to unlock it.
UPS says to look for the following signs of fraudulent messages:
Poor grammar - misspellings or excessive use of exclamation points
Sense of Urgency - Alarming messages requesting immediate action, such as "Your account will be suspended within 24 hours." or "Contact us immediately to claim your parcel or prize.
Unexpected Requests - A request attempting to obtain money, financial information (e.g. bank account or payment card numbers), or personal information in exchange for the delivery of a package or other article
Deceptive Link - be suspicious of links containing numbers in place of letters, abbreviations, and slight misspellings in the link.
UPS writes on their website that, “If UPS contacts you regarding a package, the UPS representative will always be able to provide a tracking number, which you can verify on our website. You also should know that UPS may contact you from time to time regarding service offerings or for marketing purposes, but you may always verify our phone number [by googling it] and call back before proceeding…
Please be advised that UPS does not request payments, personal information, financial information, account numbers, IDs, passwords, or copies of invoices in an unsolicited manner through email, text, mail, phone, or fax or specifically in exchange for the transportation of goods or services.”
Share this information to keep others safe from scams like this.
- Genie Team