Cybercriminals are increasingly targeting iPhone users with fraudulent text messages impersonating UPS, aiming to steal personal information. These deceptive messages inform recipients of a supposed failed package delivery and provide instructions to reschedule, claiming that failure to do so will result in the package being returned to the sender. The messages often appear legitimate, lacking obvious grammatical errors, but notably omit specific package numbers, indicating a broad targeting strategy.
The scam texts include a link to a counterfeit UPS website and urge recipients to reply with the letter Y to activate the link. By default, links in messages from unknown senders are not tappable on iPhones. Replying with Y marks the sender as known, making the link tappable. The message may also suggest copying and pasting the fraudulent link into Safari, further encouraging interaction. Once on the fake website, users are prompted to update their contact details, a clear phishing attempt to harvest personal information.
Why the Scam is Spreading
These scams are proliferating due to their low cost and high reach. Criminal networks, some operating from China, utilize inexpensive mass texting platforms and bulk phone number purchases to disseminate millions of messages. Even a small percentage of responses can yield significant returns. Apple has implemented safeguards, such as disabling clickable links in messages from unknown senders. However, scammers circumvent this by instructing users to reply with Y, thereby making the link active. Even vigilant users can be deceived, especially if they are genuinely expecting a UPS delivery, adding a false sense of legitimacy to the scam.
How to Recognize and Respond to Scam Texts
If you receive a text claiming to be from UPS about a missed delivery, it’s crucial to avoid interacting with it. Do not click any links or reply to the message, even with something as simple as Y. Responding can confirm your number is active, leading to further targeting. Instead, block the sender and report the message. iPhone users can tap Report Junk directly in the Messages app to flag the scam. If uncertain about the message’s legitimacy, visit the official UPS website directly rather than trusting any link in a message. The FBI also encourages reporting scam texts to the Internet Crime Complaint Center at ic3.gov. After reporting, you can safely delete the message.
Common Characteristics of Scam Texts
Scam texts often share certain traits:
– Impersonation of Trusted Entities: They frequently mimic well-known package delivery services like UPS, FedEx, or DHL.
– Suspicious Links: The messages may contain links to domains that appear official but include unfamiliar suffixes like .life or hyphenated versions of real company URLs. For instance, a fake UPS message might include a link to serveye.co.us, a domain not affiliated with UPS.
– Lack of Specific Information: These messages often omit relevant details, such as package numbers or tracking information.
– Urgency and Threats: They may use vague legal threats or demands for immediate payment to prevent the supposed package from being returned. Some fraudulent messages include threats of license suspension or credit score damage, especially when impersonating government agencies.
These scams rely on creating a sense of urgency to induce panic, but they fall apart under scrutiny. Taking a moment to double-check before clicking can help you avoid handing over personal information to criminals.
Protecting Yourself from UPS Text Scams
To safeguard against these scams, consider the following steps:
1. Track Deliveries on Official Websites: After receiving a delivery confirmation from UPS, enter the tracking number into the official UPS tracking tool. This ensures you receive accurate updates on your package’s status.
2. Avoid Clicking Unsolicited Links: Instead of clicking links in unsolicited text messages, visit the official UPS website and enter your tracking number. Scammers often use links to infect devices with malware or steal personal information.
3. Verify Link Safety: Before clicking, check a link’s safety by copying and pasting it into a URL checker, such as Google Transparency Report. Be careful not to accidentally click the link while copying and pasting.
4. Recognize Red Flags: Be wary of messages with grammatical errors, unusual urgency, or requests for information not typically required by UPS. Legitimate UPS texts would not ask for sensitive information like your Social Security number or bank account details.
5. Use Spam-Blocking Apps: Consider downloading a third-party spam-blocking app to prevent scam texts from reaching your phone.
6. Report Scam Texts: Reporting scam texts alerts UPS and helps prevent future scams. You can report a UPS scam text by emailing [email protected], forwarding the message to 7726 (SPAM), or notifying the Better Business Bureau (BBB), Federal Trade Commission (FTC), or Federal Communications Commission (FCC).
Potential Risks of Engaging with Scam Texts
Clicking on links in UPS scam texts can lead to several risks:
– Phishing Traps: Links may lead to fraudulent UPS websites designed to steal sensitive information like your name, address, Social Security number, and credit card details.
– Malware Installation: Clicking the link could install malicious software on your device, allowing scammers to access your data, camera, microphone, and more. They may even hold your device for ransom.
– Financial Fraud: Scammers might claim you owe a fee to release your shipment, deceiving you into providing payment information. Legitimate UPS communications would not request payment via text message.
Conclusion
Staying vigilant and informed is crucial in protecting yourself from UPS text scams. By recognizing the signs of fraudulent messages and following the recommended protective measures, you can safeguard your personal information and avoid falling victim to these deceptive schemes.
