Many messages talk about “track your package” or “click now to claim your package“ and “you missed your package.”
It is the perfect scheme for a pandemic and the holidays when we are ordering more online than ever before.
“You have maybe 90 percent of the population that has had some overlap with shipping right now,” said Michael Skiba, who is known as Dr. Fraud.
“An attack that uses FedEx or UPS or USPS as the content of the message could potentially trick someone, especially if they’re already expecting something to be delivered,” said Phil Menard, a UTSA professor who teaches network security.
He said not to be fooled. Delivery services have specific ways to communicate with customers.
“With FedEX, they’ve released a statement, as has UPS and the Postal Service, that they will not text anybody about upcoming deliveries,” Menard said.
The scheme usually asks you to clink a link to verify your personal information or supply payment information through a text or email. It can harm you in two ways:
“Inserting malware on your system, which is dangerous enough, but even more dangerous and long lasting is personal information. You know, getting those tidbits,” said Skiba. “Those are what the criminals are looking for, piecing together your name, your date of birth, your address.”
Do not click on a link in a text. Menard said people are likely to open 98 percent of texts.
“So, that factor right there means that the attacker has a much better chance that you’ll even open it in the first place,” Menard said. “Now, they’ve got you on the hook to potentially trick you into doing something.”
Phony text messages can be especially harmful.
“Emails have filters and spam blockers already built in, whereas text services don’t,” Menard said. “So you’re getting more potential malicious activity coming through your text. The other thing is people don’t have antivirus software installed on their smartphones at the same rate that they do on their desktop or laptop machines. About 90 percent of people have antivirus software installed on their desktops, 80 percent on their laptops, but only half of the people have antivirus software installed on their smartphones.”
Also, do some checking on emails about packages.
“Look at where the email is coming from because the email address of where the attacker is sending from is not going to be FedEx, UPS or USPS,” Menard said.
Check any links in emails easily by copying and pasting the full link into a search engine’s search bar.
“A lot of time a site might come up and say, you know, hey this is a scam site,” Skiba said.
Contact the delivery service or retailer directly if you are wondering where your package is.
“If you have a tracking number, you can input that,” Menard said. “That’s a safe, reliable way to actually understand what’ s going on with your package.”
Otherwise you give schemers the opportunity to special deliver identity theft to you.
If you have a question for Eyewitness Wants to Know, email us at EWTK@kens5.com or call 210-377-8647.