Url looks suss. Seems kinda sophisticated for the usual ups fishing scam. Here’s the text message I got leading here.

“Wishing you a bright and sunny day!” Lol, I almost want to help this guy by explaining that UPS and American companies in general have disdain for their customers and would never wish them to have anything that would not benefit the company.

  • MagicShel@lemmy.zip
    link
    fedilink
    English
    arrow-up
    0
    ·
    21 days ago

    I get these scam texts all the time. It’s 100% a scam, and now that you’ve clicked it, you’ll probably get a bunch more scam in the near future, so be extra cautious.

    • SkaveRat@discuss.tchncs.de
      link
      fedilink
      arrow-up
      0
      ·
      21 days ago

      Reminds me of my previous bank.

      They changed some system countrywide, so I got an email that I need to update some data and go to a website to do that.

      If was something like “update-[bankname]-data-now.tld”.

      It was sent to a unique mail address I used for them. But still though it was phishing.

      Turns out: No. It was real. Whoever came up with the idea to not host that stuff on at least a subdomain of the bank really needs to get fired. and each and every manager who was part of the decision process.

      • hendrik@palaver.p3x.de
        link
        fedilink
        English
        arrow-up
        0
        ·
        edit-2
        21 days ago

        Had that happen, too. We all try to educate users to NOT click on some dubious phishing/scams and put in qute some effort to explain it over and over again, and then there are comanies doing things like that. It’s just sad.

        • conciselyverbose@sh.itjust.works
          link
          fedilink
          arrow-up
          0
          ·
          21 days ago

          lol I have to go back to the bank (when there’s a manager, because there wasn’t last time🤦‍♀️), to turn online banking back on for my account.

          It got turned off because I didn’t pick up some spam call they made.

      • Th4tGuyII@fedia.io
        link
        fedilink
        arrow-up
        0
        ·
        21 days ago

        Ugh. I work in the public sector and let me tell you, there are SO many companies that send the most dogiest, scammiest looking emails telling you to follow a link, only for it to turn out to be perfectly legitimate.

        I honestly can see now why people end up falling for these things when even legitimate companies send emails looking just like phishing scammers

    • givesomefucks@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      21 days ago

      The text message is the big red flag, that’s obviously a scam and has been happening for at least a year. Most scam texts are filtered on my phone, but a few of these slip thru.

      I guess they’re just trying to tie phone numbers to addresses so they can sell the phone list for more info.

      Especially with people keeping their cell number while moving states, tying an address to the number and verifying it’s that person would be a tidy profit.

        • QuadratureSurfer@lemmy.world
          link
          fedilink
          English
          arrow-up
          0
          ·
          21 days ago

          Unfortunately I can think of one company in particular that uses tinyurl when you sign up for shipping updates on their website (looking at you Samsung!).

          At least with that one:

          • you know you signed up for it
          • they send a text right when you sign up for it
          • they use an official short SMS (5 digit) number.
    • SatyrSack@feddit.org
      link
      fedilink
      English
      arrow-up
      0
      ·
      21 days ago

      Also, is it common for a legitimate government agency to use a third-party link shortener like bitly?

  • Technus@lemmy.zip
    link
    fedilink
    arrow-up
    0
    ·
    21 days ago

    Bruh, just look at the address bar. That is not a USPS domain. Obviously it’s a scam.

  • flamingo_pinyata@sopuli.xyz
    link
    fedilink
    arrow-up
    0
    ·
    21 days ago

    Go to the official UPS website (do not click that link, google it) and enter your tracking number.
    If you don’t have a tracking number it means you didn’t order anything, and it’s certainly a scam.

    • snooggums@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      21 days ago

      This is usps, not ups, but everything else is accurate.

      Always check the real site without using a link to get there.

  • superkret@feddit.org
    link
    fedilink
    arrow-up
    0
    ·
    edit-2
    21 days ago

    Make your life easier: NEVER click on any link in an email.
    In this case, if you are actually waiting for a USPS package, go to usps.com, enter your package number manually, and see if it tracks.

  • lethargic_lemming@lemmy.world
    link
    fedilink
    arrow-up
    0
    ·
    21 days ago

    Very well known scam. Some details that give it away:

    (1) They used a url shortener that doesn’t let you see the actual domain. (bit.ly)

    (2) Website domain is not legitimate.

    USPS’s website is usps.com. If the URL doesn’t end in usps.com (meaning usps.fakewebsite.com is still fake) then it’s not legitimate.

    (3) Tone: The USPS doesn’t text you like you’re their friend.

    (4) The number they’re texting you from is not an SMS short code number (usually 5 digits). Instead you’re getting a text from a 10 digit number with an area code, which means it’s a person/individual rather than an application or service.

    source: used to work as cyber sec analyst

    • officermike@lemmy.world
      link
      fedilink
      arrow-up
      0
      ·
      edit-2
      21 days ago

      (5) grammatical error(s): “We will ship again in” instead of “we will ship again on

      Edit: more subtle errors and phrasing that feels like it was written by a non-native English speaker.

      • ilovededyoupiggy@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        0
        ·
        21 days ago

        (6) USPS tracking numbers are like 65 digits long, because they expect to track every hydrogen atom in the known universe individually.

      • BigDiction@lemmy.world
        link
        fedilink
        arrow-up
        0
        ·
        21 days ago

        Yeah the first bullet copy with the comma and wrong preposition is clearly unprofessional. These scams always use poor contrasting red warning text as well.

        • Klear@sh.itjust.works
          link
          fedilink
          arrow-up
          0
          ·
          21 days ago

          I heard a theory that they put mistakes in intentionally to filter for dumb people.

          Doubt that’s true, but it’s a funny idea.

    • bulwark@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      0
      ·
      21 days ago

      That’s interesting I didn’t think about that fourth point, but whenever I get a verification SMS it does always come from a 5 digit number.

      • viking@infosec.pub
        link
        fedilink
        arrow-up
        0
        ·
        21 days ago

        That one is not hard evidence though, for example delivery drivers from FedEx in my area send text messages from their actual phones announcing an upcoming delivery.

        The messages are still standardized, so I’m assuming they are company phones and send pre-programmed messages from templates, but if I call that number, I’ll actually speak to the person handling my delivery.

    • jj4211@lemmy.world
      link
      fedilink
      arrow-up
      0
      ·
      21 days ago

      I’ll add how is it that they could not know the address of the recipient, yet would know their phone number?

      Either the recipient is totally unknown or they know the address. The last thing they would know about a recipient is the phone number.

  • Rhynoplaz@lemmy.world
    link
    fedilink
    arrow-up
    0
    ·
    21 days ago

    Yeah. I was getting these almost daily for a few months. Never responded to them and never missed any expected packages.

    As others have said, that is definitely a link to a fake website.

    • otter@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      0
      ·
      21 days ago

      Furthermore, wtf did they GO TO THE URL FROM A TEXT MESSAGE at all?! 🤦🏽‍♂️

      FFS, people. There’s “I need help with my computer” and then there’s “Some of us shouldn’t have a smartphone”. 🫶🏼

      • Ledivin@lemmy.world
        link
        fedilink
        arrow-up
        0
        ·
        21 days ago

        tbf, it could be sandboxed and safe. I doubt it is, OP doesn’t seem the type, but it could be.

        • Scrubbles@poptalk.scrubbles.tech
          link
          fedilink
          English
          arrow-up
          0
          ·
          21 days ago

          Doesn’t matter, there’s more than likely a callback in the url that says who it was, and now the sender knows the number is active and the user clicks on links

      • _bcron_@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        21 days ago

        I’m a postal worker and I click these bogus links every single time to check if they escape special characters lol

        • Contramuffin@lemmy.world
          link
          fedilink
          arrow-up
          0
          ·
          edit-2
          21 days ago

          Even just opening the link can leak info - I would avoid doing so entirely unless your device is sandboxed

    • bulwark@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      0
      ·
      21 days ago

      I actually knew it was a scam and I normally don’t click on them. But I’m glad I’m glad I posted it.

  • Rentlar@lemmy.ca
    link
    fedilink
    arrow-up
    0
    ·
    21 days ago

    Super duper scam. You should very wary of clicking ANY link from a number you do not recognize for any information you do not expect to receive.

  • Hyperlon@lemmy.world
    link
    fedilink
    arrow-up
    0
    ·
    21 days ago

    Hell my paranoid ass would reinstall windows and change all my passwords after visiting an obvious scam site like that.