this post was submitted on 02 Dec 2024
222 points (88.8% liked)

Ask Lemmy

27089 readers
2379 users here now

A Fediverse community for open-ended, thought provoking questions

Please don't post about current US Politics. If you need to do this, try !politicaldiscussion@lemmy.world


Rules: (interactive)


1) Be nice and; have funDoxxing, trolling, sealioning, racism, and toxicity are not welcomed in AskLemmy. Remember what your mother said: if you can't say something nice, don't say anything at all. In addition, the site-wide Lemmy.world terms of service also apply here. Please familiarize yourself with them


2) All posts must end with a '?'This is sort of like Jeopardy. Please phrase all post titles in the form of a proper question ending with ?


3) No spamPlease do not flood the community with nonsense. Actual suspected spammers will be banned on site. No astroturfing.


4) NSFW is okay, within reasonJust remember to tag posts with either a content warning or a [NSFW] tag. Overtly sexual posts are not allowed, please direct them to either !asklemmyafterdark@lemmy.world or !asklemmynsfw@lemmynsfw.com. NSFW comments should be restricted to posts tagged [NSFW].


5) This is not a support community.
It is not a place for 'how do I?', type questions. If you have any questions regarding the site itself or would like to report a community, please direct them to Lemmy.world Support or email info@lemmy.world. For other questions check our partnered communities list, or use the search function.


Reminder: The terms of service apply here too.

Partnered Communities:

Tech Support

No Stupid Questions

You Should Know

Reddit

Jokes

Ask Ouija


Logo design credit goes to: tubbadu


founded 2 years ago
MODERATORS
 

Url looks suss. Seems kinda sophisticated for the usual ups fishing scam. Here's the text message I got leading here.

"Wishing you a bright and sunny day!" Lol, I almost want to help this guy by explaining that UPS and American companies in general have disdain for their customers and would never wish them to have anything that would not benefit the company.

top 50 comments
sorted by: hot top controversial new old
[–] TeoTwawki@lemmy.world 5 points 2 hours ago

your first clue was the link in the next - no shipper is going to miss having its branding in the url. the second if that the url it redirects to its obviously random bs and if you do a whois you see its def not owned by usps.

got a few of these phishing attempts myself over thanksgiving. holiday gift shopping season has begun, the scammers want to catch the less savy among us.

[–] phoenixz@lemmy.ca 10 points 10 hours ago

Yeah, scam. Ibthough that would be obvious, but if it's not: that is a scam, and there are many like it

[–] wolfpack86@lemmy.world 29 points 12 hours ago (1 children)

PSA you can check a bitly link without clicking it by using their link checker: https://support.bitly.com/hc/en-us/p/link-checker

You clicked a random link from an sms message?

That’s a bold move, Cotton.

[–] bitchkat@lemmy.world 7 points 11 hours ago

How could you read that text and then click on link?

[–] Dogiedog64@lemmy.world 24 points 15 hours ago

This is 10000% a scam. That's not the USPS url scheme. Plus, as a government entity, they'll start correspondence through certified mail. Another question you could ask yourself is "Did I order any packages lately?" IF not, then more proof it's a scam.

[–] Blackmist@feddit.uk 42 points 16 hours ago (1 children)

I think there's now a generation gap between kids today and people who were routinely sent to tubgirl and goatse during the internet's formal years.

If your URL is fucky, it's a scam. If you clicked one, they'll send you more.

[–] Dozzi92@lemmy.world 5 points 12 hours ago (1 children)

Our parents couldn't use computers properly, and now our kids can't use them properly either.

That being said, I learned the hard way back in the golden age many, many times.

[–] DokPsy@lemmy.world 1 points 3 hours ago

The good old days of Azureus and Limewire

[–] Sam_Bass@lemmy.world 7 points 12 hours ago

How could you not? Do you buy things so often that that happens a lot? Ignoring the grammatical error of in instead of on, are you actually expecting a package with that numberwhich is not a typical USPS tracking number

[–] CubbyTustard@reddthat.com 6 points 13 hours ago* (last edited 11 hours ago)

100% chance you ordered from temu or ali express and got this message while waiting for a package right?

They sell your order info along to scammers who time these right around when you're expecting your order.

Pretty clever! Definitely a scam!

[–] plz1@lemmy.world 35 points 19 hours ago (1 children)
  1. 3rd party URL shortener, immediate red flag
  2. Non-USPS.com domain once you tapped it (which you shouldn't have)
  3. National service sending from a South Carolina area code instead of a short code or a toll free number
  4. Does USPS even have your phone number tied to your delivery address?
[–] johannesvanderwhales@lemmy.world 3 points 12 hours ago

That also doesn't look anything like a USPS tracking number (which, if this were real, you'd probably already have). Pro-tip: USPS has "informed delivery" where they'll send you an email every day with scans of your mail and any packages on their way to you. Which would give you another way to know that this isn't real.

[–] IDrawPoorly@lemm.ee 9 points 15 hours ago* (last edited 15 hours ago) (2 children)

Kek you clicked that?

Look man, if you want to understand what's going on there's a really short (even for my ADHD) video right here:

The guy here explains exactly why not to do that - https://bitly.com/98K8eH

[–] Nighed@feddit.uk 8 points 14 hours ago* (last edited 14 hours ago) (1 children)

You laugh at someone clicking it then paste a URL shortener link....

[–] wolfpack86@lemmy.world 5 points 13 hours ago* (last edited 13 hours ago)

The joke is always better when someone explains it.

load more comments (1 replies)
[–] nimble@lemmy.blahaj.zone 23 points 18 hours ago (2 children)

Yes, and usps is never going to text you. Be careful about what links you click. This link could have passed through tracking and flagged your number as someone who clicks their links. At the very least they know it's an active phone number, and at worst they start targeting you more frequently (or sell a list to other people to target you).

This is why you shouldn't ever respond, click on, interact with, or even read scam messages. Same goes for emails btw. Disable auto-loading images in emails since that is another way they can track active emails.

But, good job second guessing the message and asking about it. I mean it. Some scams rely on you not talking to anyone so it is good to ask others if you're unsure/uncomfortable. This is especially true if someone tries to tell you not to talk to anyone else since that is a common practice scammers use as well and should be an instant red flag

[–] zalgotext@sh.itjust.works 3 points 11 hours ago

usps is never going to text you.

USPS will text you, but only for packages you explicitly request SMS tracking messages for, those texts will never contain a link to a website, and they will always come from a 6-digit short code, not a full phone number

[–] Sergio@slrpnk.net 7 points 16 hours ago

usps is never going to text you.

Yes, though they might send you emails if you sign up for Informed Delivery: https://www.usps.com/manage/informed-delivery.htm

I've never used it, but it sounds like a great way to clear this up.

[–] olafurp@lemmy.world 14 points 17 hours ago (1 children)

100% yeah. The browser URL doesn't have ups in it.

[–] Sam_Bass@lemmy.world 2 points 12 hours ago

Ups is not usps

[–] SplashJackson@lemmy.ca 9 points 16 hours ago
[–] Honytawk@lemmy.zip 23 points 20 hours ago

An official company is not going to use an URL shortener.

That's only used when you try to hide the URL, or if you think the user is going to type it out manually.

[–] mjhelto@lemm.ee 17 points 19 hours ago (3 children)

They give you the package info. Just ignore their email and input that into the USPS address manually. Kind of like the FedEx and UPS scams. You don't have to use their link to "check the status" of something. Go to the real site, enter number, see fake, ignore!

[–] mxcory@lemmy.blahaj.zone 5 points 16 hours ago (1 children)

That number isn't even anything like a tracking number for USPS.

[–] mjhelto@lemm.ee 2 points 16 hours ago

Then no reason to even question the validity of the original message.

load more comments (2 replies)
[–] BuboScandiacus@mander.xyz 25 points 23 hours ago

Yes.

100% scam

[–] x00z@lemmy.world 6 points 18 hours ago

Even if this is true - which it isn't - it's much better to let packages be sent back to the sender than to take responsibility upon yourself.

[–] Corno@lemm.ee 9 points 20 hours ago* (last edited 20 hours ago)

Yes. Don't click on that link, it's been obscured using an URL shortener

[–] BradleyUffner@lemmy.world 9 points 20 hours ago

Yes, I get them constantly.

[–] hendrik@palaver.p3x.de 291 points 1 day ago* (last edited 1 day ago) (6 children)

I seriously doubt USPS bought a domain like gflrml dot cyou for their business. It's 300% a scam.

[–] SkaveRat@discuss.tchncs.de 103 points 1 day ago (3 children)

Reminds me of my previous bank.

They changed some system countrywide, so I got an email that I need to update some data and go to a website to do that.

If was something like "update-[bankname]-data-now.tld".

It was sent to a unique mail address I used for them. But still though it was phishing.

Turns out: No. It was real. Whoever came up with the idea to not host that stuff on at least a subdomain of the bank really needs to get fired. and each and every manager who was part of the decision process.

load more comments (3 replies)
load more comments (5 replies)
[–] joshcodes@programming.dev 14 points 1 day ago (2 children)

Kinda sad to see some of the comments being assholes about OP clicking a link. Like, how do y'all think phishing works? People click. Get over it and just educate people on why not to. Explain the risks and how to spot the scam. Do any of you think this person would have clicked if they knew for sure? Or if they knew the issues that can occur? It's super easy to sit in the comments and act holier than cos you knew and they didn't.

Yeah it's a scam. Most people get these quite often. Your Telecom company probably blocks these quite often. Someone else went through all the details of the scam like the fake domain, where to report etc.

Some of these links allow people to track who clicks. If you click once, they can provide data that you did and they can target you using other numbers and other scams. Might not be the case with this one, but they can also get your device details from accessing the site, using google analytics, ip data, geolocation stuff, etc. Or they ask you to allow notifications but the notifications are also scams.

General rule of thumb is don't click when you don't trust the source. If youre sceptical, just walk away for a bit. Cops, the government and postmen know where you live, and they won't miss you. It is always okay to trust your gut, be it in a call, messaging platform or on the Web.

[–] Allero@lemmy.today 7 points 1 day ago

Also, in case of any doubt, contact whoever supposedly sent you this directly.

In this case, contact USPS and ask if this is correct.

load more comments (1 replies)
[–] SplooshArmstrong@lemmynsfw.com 10 points 22 hours ago

Yes.

You already knew the URL was off.

[–] daggermoon@lemmy.world 14 points 1 day ago
[–] ech@lemm.ee 59 points 1 day ago* (last edited 1 day ago) (5 children)

Why the fuck did you click a link like that in the first place? That first message is basically screaming at you that it's a phishing attempt.

Best opsec is to delete and block, ideally without opening it at all to avoid read receipts (if that's a function in your phone). If you think it might be legit, go to the website on your own and find a way to confirm independently. If that's still too much to follow through with, at the very least don't click random links sent to you unprompted.

[–] joshcodes@programming.dev 15 points 1 day ago

Hey dude, you had an opportunity to educate someone and instead you belittled them. As someone who works in cyber, please don't do that. People get stigmatised against cyber and IT professionals and they stop trusting us. Users don't know what we do, so be kind to them the way you should be kind to anyone learning new things. https://xkcd.com/1053/

load more comments (4 replies)
[–] Zier@fedia.io 21 points 1 day ago (1 children)

USPS tracking numbers are never "US000000" they are only digits.

[–] derfunkatron@lemmy.world 4 points 16 hours ago (1 children)

This can even be checked at https://tools.usps.com. Try to track the number or use one of the drop downs to see what different USPS service tracking numbers look like.

I have received a legit “undeliverable package” status before but it will never be sent in a text like that. It will only display on the tracking history/status on the USPS tracking website for a given parcel.

[–] Zier@fedia.io 1 points 8 hours ago

100% correct!

[–] AmidFuror@fedia.io 63 points 1 day ago (11 children)

A tangent:

What annoys me is when legitimate companies use non-standard URLs in their hyperlinked emails. For example, if you get a message from Facebook taking you to facebookemail.com, that's actually a domain controlled by the real Facebook.

They're essentially teaching their customers to click on links in emails which use unfamiliar URLs which are superficially similar to the usual one.

load more comments (11 replies)
[–] cerement@slrpnk.net 96 points 1 day ago (2 children)

flip the question around: Why would you think this wasn’t a scam?

[–] otter@lemmy.dbzer0.com 77 points 1 day ago (5 children)

Furthermore, wtf did they GO TO THE URL FROM A TEXT MESSAGE at all?! 🤦🏽‍♂️

FFS, people. There's "I need help with my computer" and then there's "Some of us shouldn't have a smartphone". 🫶🏼

load more comments (5 replies)
load more comments (1 replies)
[–] recklessengagement@lemmy.world 10 points 1 day ago (1 children)

Scam. Suspicious URL, slightly off grammer. Classic phishing.

Contact seller if unsure.

load more comments (1 replies)
load more comments
view more: next ›