Most people don’t realize the risks of clicking links in text messages instead of receiving them as text messages. Most people also aren’t aware of the fact that their phones can receive text messages from any number on Earth. Have you ever encountered a “UPSPS package not delivered” notification? Attackers often make big bucks by sending SMS when trying to phish for sensitive information like credentials or financial data. To look more realistic, they usually choose a disguise of a familiar organization – like United States Parcel Service (USPS).

What is a USPS scam text ?

USPS scam text is one type of smishing in which scammers disguise themselves as the parcel service. This method of fraud involves unsolicited mobile text messages indicating that the delivery is waiting for your action, with an unrecognized web link to click on in the message body. Do not follow the link. This type of fraudulent campaign is a fraud called smishing. Below in this article, we provide some details about this USPS text message scam.

EXAMPLE of USPS scam text (USPS unable to deliver text):

USPS Currently Awaiting Package
Undeliverable as Addressed(UAA) Problem with Address
USPS Allows you to Redeliver your package to your address in case of delivery failure or any other case. Nowadays, users often come across scheduled delivery USPS text scams.
You can also track the package anytime, from shipment to delivery.

How Does the USPS Text Message Scam work?

The United States Postal Inspection Service (USPIS) warns people of an increased risk of smishing scams that use the US Postal Service as a facade. The USPS text fraud trick victims into downloading malware onto their phones or sharing personal information with the USPS package in the hopes of stealing victims’ identities or emptying bank accounts.

Soon after making a purchase online, the scammer obtains access to the victim’s device. They can then take advantage of the confusion caused by receiving a package quickly to collect personal information. This scam also works well on individuals who recently ordered a gift delivery.

How to report USPS related smishing:

If you have received USPS scam text, you can report it. To do USPS package-related smishing, email spam@uspis.gov.

• Сopy the body of the suspicious text message and paste it into a new email without clicking on the web link.
• Enter your name in the email, and also add a screenshot of the text message showing the sender’s phone number and the date sent.
• Include any relevant details in your email.
• The Postal Inspection Service will contact you for more details.

Complaints of non-USPS related smishing can also be sent to any of the following law enforcement partners of the U.S. Postal Inspection Service:

• The Federal Bureau of Investigation’s (FBI), Internet Crime Complaint Center (IC3)
• The Federal Trade Commission.

The Right Way to Arrange a Redelivery

The USPS text scam recently warned the public about a popular scam involving fake mail notifications. They provide instructions on how to report bogus text messages sent by scammers. The first step to protecting yourself from data harvesting is to always double-check that the official site your data is being delivered to matches the URL you see on the landing page. Be careful with the USPS text message hack.

This way, you’re sure to catch any mistakes before they occur. No matter the delivery service, always pay attention to the URL on the landing page and ensure it matches up with the official site you’re familiar with. Failing to do so can lead to them following up on your data later with no guarantee that they won’t reap your information if they make a mistake.

The post USPS Scam Text 2024: “Your Package Could Not Be Delivered” appeared first on Gridinsoft Blog.

1. Phishing attacks

According to FBI statistics, phishing is the most common form of social engineering. This is when fraudsters use any form of communication, usually email, to get personal information. Phishing typically exploits the trust of companies’ employees or family members. These attacks are ten times more successful than any other form of social engineering. The fraudster may send you an email stating that it is from your bank – that’s what is called banking phishing. Crooks claim that your account password has been compromised, and requires that you immediately click the link or scan the QR code. Then you enter your personal information, which is immediately passed on to the fraudster. If you doubt the legitimacy of the site,you can check whether the site is secure by checking that their URL uses HTTPS instead of HTTP.

2. Whaling

The term whaling refers to an attack that targets a specific celebrity, executive, or government employee. Typically, these individuals are targeted by a phishing scam. When it comes to scams involving victims of whaling attacks, financial incentives or access to valuable data are typically big deals for criminals. They consider these victims of big fish – because of the large monetary and data payoff they offer – perfect targets.

Scammers seek compromising photos of celebrities they can use to extortionate high ransoms. Criminals use fake emails to fool senior employees into thinking they come from the organization. The messages detail information about a colleague and claim the creator is afraid to report the situation to a supervisor. They share their evidence as a spreadsheet, PDF, or slide deck.

Victims clicking the provided link are redirected to a malicious website that tells them to visit the link again. If they try to open the attached file, malware resides on their computer and gains access to their network.

3. Smishing (SMS phishing) and vishing (voice phishing)

Under this term, people refer to phishing via text messages. Crooks buy the branded number from a cellular operator and use it to send out messages containing malicious links.

Phone phishing is called vishing, and it’s the same as phishing done over the phone. Vishing is a scam that affects businesses more than any other type of organization. In this scam, an impostor will contact the front desk, human resources, IT or a company’s customer service. They will lie about needing personal information about an employee and claim to have information on mortgages or executive assistants.

4. Baiting

It’s a kind of social engineering that’s a lot like phishing. The only difference is that the attackers lure their victim with a product or an object during the attack. This happens as follows: the attacker offers the victim a free download of a popular movie or a new game. With such a disguise, the criminal installs malware into the victim’s system. Attackers can also use the opportunity to spread malware on the victim’s device. If we talk about the physical distribution of malware, here, the crooks do it through a USB drive with a tempting label. After the curious employee sticks this USB into his device, he infects his PC or other devices.

5. Pretexting

Whenever someone creates a false ID or abuses their current position, this is closely related to the data leak from within. Because people trust their work, these scammers trick victims into sharing personal information. They build this trust by using titles and gaining access to victims through their legitimacy. Because of the victim’s over-reliance on the authorities, they are unlikely to question suspicious activities or put pressure on impostors.

6. Watering hole attacks

This attack works by identifying the website the victim visits most. In this case, the victim may be not only a single user but an entire sector, such as government or health care, where the same sources of use are used during work. Here, intruders seek vulnerabilities in cyber security, through which they can infiltrate the system and distribute their malware. Although the case is small, the fraudsters continue to infect users’ devices through already infected sites.

How to prevent Social Engineering Attacks

The following tips will help you warn yourself against attacks. But this is only possible if you use it in practice.

• Carefully check emails, including names, addresses, and copy.
• Do not believe everything you see in the letter, especially if it causes you violent emotions.
• Verify the identity of the sender before providing him with any information.
• Do not pay ransom to strangers. Instead, it is best to contact law enforcement.
• Use the password manager.
• Set two-factor authentication, which will double-check who is trying to log in to your account.
• Install reliable GridinSoft Anti-Malware Protection, which will protect you from malware.

The post Most Common Types of Social Engineering Attacks appeared first on Gridinsoft Blog.

You’ve probably heard the word ‘phishing‘. Today not only specialists from the cybersecurity field are actively talking about it but also ordinary users often are looking on the internet how to know if the email they received the other day could be a phishing attempt.

But before you jump right into research you should know exactly what type of online fraud you’ve encountered.

Because apart from phishing there are also smishing and vishing; what those are and how they different we’ll explain below.

What Is Smishing

Smishing is similar to the phishing technique of online fraud but instead of exploiting email fraud possibilities explores those of texts ( mainly via various message apps or SMS).

For example, user may receive a notification in WhatsApp messenger saying that they need to reschedule their package delivery.

To do this they need to follow the link given below. But what happens when the notification comes from fraudsters is that user can have some malware installed via that link.

Another example is when thousands of people around United Kingdom received fraudulent text messages saying that the payment is needed to be made in order for a package to be delivered.

Those who received these fake text messages were instructed to click on an attached link that will lead them to a fraudulent website where criminals would collect victims’ personal or financial information.

What Is Vishing

Unlike phishing and smishing where fraudsters use text as a medium of malicious action in the case of vishing it is voice. Criminals may pretend to call you from your bank or another trusted company and try to obtain from you your passwords, addresses, login credentials, etc. They will try very persuasively to make targeted person answer their calls’ questions. In such a case victim can feel like they have no other option than to answer the questions.

Sometimes to reinforce the successful fraud criminals will accompany their calls with emails asking person urgently to call them by the given phone number. The third vishing tactic by which fraudsters also go to leave threatening in tone voicemails like warning that the recipient should call immediately explaining that in other case they risk being arrested, have their bank account blocked or some worse things may happen.

What’s The Difference Between Vishing And Smishing

Both terms mean specifically designed social engineering attack where criminals pretend to be someone to exploit a victim’s trust in such a way. It’s because more than 96% of social engineering attacks happen via emails the term ‘Phishing’ is exclusively used only when speaking about email based fraud. But, of course, social engineering attacks also include other mediums of social engineering attacks like social media phishing, vishing and smishing.

Regardless of how the fraudulent message is delivered it appears to come from trusted sender and may ask a recipient to do the next:

• To do some explicitly stated action. Criminals may ask victim to buy vouchers or transfer because of some important matter different sums of funds;
• Give a reply to the message. Fraudsters may want you to reply to their message with some sensitive or personal kind of information;
• Click on a link. You will be asked either to download a file or submit via attached link your personal information.

How To Identify Vishing Attack

Vishing attacks in some way resemble smishing but there is one exceptional way we can identify that it’s specifically is vishing. Vishing fraudsters can pretend to be the next persons to defraud you:

• Tech support. You may receive a phone call from a person saying they are IT support and thus they notify you over virus infection that happened to your computer. Usually you will be asked to buy a ‘needed’ software ( which can be some malware or spyware) or give attacker a remote control over your computer to fix the issue;
• Government institutions. These fraudulent phone calls usually is accompanied with legal threat action if a recipient won’t respond. You may be notified that you are owed tax refund or you need to pay some fine;
• Banks. These bank phone frauds try to give an effect of some alarm like something’s happening with your bank account; possibly someone took an unauthorized control over it and the bank support noticed it and now they offer you their ‘urgent help’;
• Charities or businesses. Fraudsters inform you via phone that you have won some exclusive prize, offer you ‘lucrative’ business investment or ask you to make donations to some charity.

How To Identify Smishing Attack

Smishing attacks are similar to phishing emails but in a case of a smishing fraudsters need to rely on much less text space to get their victim hooked.

But nevertheless smishing fraudsters have also developed their own unique approuches to how create authentic looking catch text message. The sighns for smishing you should be looking for are the next:

• An urgent request. You received a message with an urgent call for action to verify your personal information, for example, that should be completed via attached link or automated phone number;
• Text message from your bank or other institution you are familiar with. A victim of smishing may receive text message that appear to have been sent from companies or organizations victim may be familiar with;
• Congratulations on winning some contest. It can be message that congratulates you on having won in some contest wnd as a result notifiyng you that now the winner can claim the prize;
• Money help. Someone asking you for help via text message should definitely be a red flag for smishing. Most likely you don’t know who the person is and out of nowhere they ask you for money;
• Unexpected links and downloads. Sometimes messages with some downloads and links can be accompanied by text but on the whole the task is to make you click on it.

The post Smishing And Vishing: Differences To Know About Phishing Attacks appeared first on Gridinsoft Blog.

]]> https://gridinsoft.com/blogs/smishing-and-vishing-differences-you-need-to-know-about-these-phishing-attacks/feed/ 0 8511