A sophisticated new phishing scam is targeting online shoppers by impersonating the United States Postal Service (USPS). The scam, which uses the fake tracking number “US9524901144737“, sends unsuspecting victims text messages claiming a USPS package is awaiting address confirmation for delivery.
Clicking the link in the text leads to a convincing but fraudulent USPS website. There, the victim is prompted to enter personal information and pay a small “redelivery fee“, which gives the scammers access to the victim’s credit card details. In some cases, the fake site may also attempt to infect the user’s device with malware.
Contents
How the Scam Works
The phishing messages are sent via SMS text from various phone numbers. They contain urgent language claiming the victim’s package delivery is delayed pending address confirmation. A link is provided to an official-looking USPS page to update the delivery address.
On the phishing site, forms prompt the user to enter their full name, address, date of birth and credit card information under the guise of scheduling redelivery and paying a small fee, typically $1.99. If the victim enters their data, it is harvested by the scammers behind the site.
The fake tracking number makes the scam more believable, as victims may be expecting a real USPS delivery. “US9524901144737” returns no results when checked on the actual USPS website, but anxious shoppers awaiting a package may overlook this red flag in their haste to resolve the supposed delivery issue.
Consequences for Victims
For those who fall for the scam and divulge their personal data, the consequences can be severe. The scammers may use the stolen identity information to:
- Drain the victim’s bank accounts
- Make fraudulent purchases
- Open credit cards or loans in the victim’s name
- Sell the data on the dark web
This can leave the victim with a damaged credit score, emptied bank accounts, and a stressful mess to clean up. Resolving identity theft can be a lengthy, expensive and emotionally draining process.
Some fake sites may also attempt to install malware on the user’s device to steal even more sensitive data like saved passwords. Malware can allow scammers to spy on the victim’s online activity, putting them at risk for additional attacks.
Prevalence of Phishing Attacks
Phishing remains one of the most common tactics used by cybercriminals due to its effectiveness. 22% of data breaches in 2019 involved phishing, with 96% of attacks arriving by email. However, scammers are increasingly using SMS text messages as well, a practice known as “smishing”.
Phishing attacks aim to trick people into revealing sensitive data by impersonating a trusted entity like USPS, banks or government agencies. Scammers exploit human psychology, using fake urgency and familiarity to manipulate victims.
No company is immune, as even tech giants Facebook and Google were famously swindled out of $100 million in a multi-year phishing scheme where the scammer impersonated a vendor and forged invoices. However, individuals are the most frequent phishing targets.
How to Spot and Avoid USPS Phishing Scams
To protect yourself from the US9524901144737 scam and similar phishing attempts, be on alert for these red flags:
- Unsolicited messages claiming issues with your deliveries
- Tracking numbers that don’t work on the official USPS site
- Misspelled URLs not ending in usps.com
- Requests for personal data, passwords or credit card info
- Urgent calls to action and vague greetings like “Dear customer”
If you receive a suspicious text or email about a USPS delivery:
- Do not click any links or open attachments
- Contact USPS directly using a verified number to check your deliveries
- Forward phishing texts to SPAM (7726) and emails to [email protected]
Enabling two-factor authentication on accounts, keeping software updated, and using security tools like spam filters and antivirus programs add extra layers of protection against evolving phishing tactics. Regularly monitoring financial statements can also help catch fraud quickly.
Final Words
As more people shop online, scammers will continue to exploit the USPS name and parcel delivery process to steal personal and financial data. While no one is immune to increasingly sophisticated phishing attempts, staying informed about common scam tactics and being cautious with unsolicited messages can help you avoid becoming the next victim. Remember, when in doubt, always go directly to the source to verify questionable tracking numbers or requests for info.