Url looks suss. Seems kinda sophisticated for the usual ups fishing scam. Here’s the text message I got leading here.

“Wishing you a bright and sunny day!” Lol, I almost want to help this guy by explaining that UPS and American companies in general have disdain for their customers and would never wish them to have anything that would not benefit the company.

  • lethargic_lemming@lemmy.world
    link
    fedilink
    arrow-up
    88
    ·
    9 days ago

    Very well known scam. Some details that give it away:

    (1) They used a url shortener that doesn’t let you see the actual domain. (bit.ly)

    (2) Website domain is not legitimate.

    USPS’s website is usps.com. If the URL doesn’t end in usps.com (meaning usps.fakewebsite.com is still fake) then it’s not legitimate.

    (3) Tone: The USPS doesn’t text you like you’re their friend.

    (4) The number they’re texting you from is not an SMS short code number (usually 5 digits). Instead you’re getting a text from a 10 digit number with an area code, which means it’s a person/individual rather than an application or service.

    source: used to work as cyber sec analyst

    • officermike@lemmy.world
      link
      fedilink
      arrow-up
      31
      ·
      edit-2
      9 days ago

      (5) grammatical error(s): “We will ship again in” instead of “we will ship again on

      Edit: more subtle errors and phrasing that feels like it was written by a non-native English speaker.

      • ilovededyoupiggy@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        23
        ·
        9 days ago

        (6) USPS tracking numbers are like 65 digits long, because they expect to track every hydrogen atom in the known universe individually.

      • BigDiction@lemmy.world
        link
        fedilink
        arrow-up
        5
        ·
        9 days ago

        Yeah the first bullet copy with the comma and wrong preposition is clearly unprofessional. These scams always use poor contrasting red warning text as well.

      • abbadon420@lemm.ee
        link
        fedilink
        arrow-up
        1
        ·
        9 days ago

        You’re absolutely right, of couse, but keep in mind that communications is still mostly done by people and people are generally fucking stupid.

    • jj4211@lemmy.world
      link
      fedilink
      arrow-up
      7
      ·
      9 days ago

      I’ll add how is it that they could not know the address of the recipient, yet would know their phone number?

      Either the recipient is totally unknown or they know the address. The last thing they would know about a recipient is the phone number.

    • bulwark@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      2
      ·
      9 days ago

      That’s interesting I didn’t think about that fourth point, but whenever I get a verification SMS it does always come from a 5 digit number.

      • viking@infosec.pub
        link
        fedilink
        arrow-up
        5
        ·
        9 days ago

        That one is not hard evidence though, for example delivery drivers from FedEx in my area send text messages from their actual phones announcing an upcoming delivery.

        The messages are still standardized, so I’m assuming they are company phones and send pre-programmed messages from templates, but if I call that number, I’ll actually speak to the person handling my delivery.