Url looks suss. Seems kinda sophisticated for the usual ups fishing scam. Here’s the text message I got leading here.

“Wishing you a bright and sunny day!” Lol, I almost want to help this guy by explaining that UPS and American companies in general have disdain for their customers and would never wish them to have anything that would not benefit the company.

292 points
*

I seriously doubt USPS bought a domain like gflrml dot cyou for their business. It’s 300% a scam.

permalink
report
reply
104 points

Reminds me of my previous bank.

They changed some system countrywide, so I got an email that I need to update some data and go to a website to do that.

If was something like “update-[bankname]-data-now.tld”.

It was sent to a unique mail address I used for them. But still though it was phishing.

Turns out: No. It was real. Whoever came up with the idea to not host that stuff on at least a subdomain of the bank really needs to get fired. and each and every manager who was part of the decision process.

permalink
report
parent
reply
44 points

Ugh. I work in the public sector and let me tell you, there are SO many companies that send the most dogiest, scammiest looking emails telling you to follow a link, only for it to turn out to be perfectly legitimate.

I honestly can see now why people end up falling for these things when even legitimate companies send emails looking just like phishing scammers

permalink
report
parent
reply
30 points
*

Had that happen, too. We all try to educate users to NOT click on some dubious phishing/scams and put in qute some effort to explain it over and over again, and then there are companies doing things like that. It’s just sad.

permalink
report
parent
reply
15 points

lol I have to go back to the bank (when there’s a manager, because there wasn’t last time🤦‍♀️), to turn online banking back on for my account.

It got turned off because I didn’t pick up some spam call they made.

permalink
report
parent
reply
30 points

The text message is the big red flag, that’s obviously a scam and has been happening for at least a year. Most scam texts are filtered on my phone, but a few of these slip thru.

I guess they’re just trying to tie phone numbers to addresses so they can sell the phone list for more info.

Especially with people keeping their cell number while moving states, tying an address to the number and verifying it’s that person would be a tidy profit.

permalink
report
parent
reply
13 points

Link shortener (not their own at least) is another massive red flag, same with typos (‘number number’ in page)

permalink
report
parent
reply
4 points

Unfortunately I can think of one company in particular that uses tinyurl when you sign up for shipping updates on their website (looking at you Samsung!).

At least with that one:

  • you know you signed up for it
  • they send a text right when you sign up for it
  • they use an official short SMS (5 digit) number.
permalink
report
parent
reply
10 points

Also, is it common for a legitimate government agency to use a third-party link shortener like bitly?

permalink
report
parent
reply
2 points

You mean (uint32_t)-1 %

permalink
report
parent
reply
98 points

flip the question around: Why would you think this wasn’t a scam?

permalink
report
reply
77 points

Furthermore, wtf did they GO TO THE URL FROM A TEXT MESSAGE at all?! 🤦🏽‍♂️

FFS, people. There’s “I need help with my computer” and then there’s “Some of us shouldn’t have a smartphone”. 🫶🏼

permalink
report
parent
reply
24 points

Holding up a giant sign that says “I CLICK ON WHATEVER BULLSHIT LINK YOU SEND ME”

permalink
report
parent
reply
10 points

tbf, it could be sandboxed and safe. I doubt it is, OP doesn’t seem the type, but it could be.

permalink
report
parent
reply
21 points

Doesn’t matter, there’s more than likely a callback in the url that says who it was, and now the sender knows the number is active and the user clicks on links

permalink
report
parent
reply
4 points
Deleted by creator
permalink
report
parent
reply
16 points
*

Even just opening the link can leak info - I would avoid doing so entirely unless your device is sandboxed

permalink
report
parent
reply
-1 points
Deleted by creator
permalink
report
parent
reply
88 points

Very well known scam. Some details that give it away:

(1) They used a url shortener that doesn’t let you see the actual domain. (bit.ly)

(2) Website domain is not legitimate.

USPS’s website is usps.com. If the URL doesn’t end in usps.com (meaning usps.fakewebsite.com is still fake) then it’s not legitimate.

(3) Tone: The USPS doesn’t text you like you’re their friend.

(4) The number they’re texting you from is not an SMS short code number (usually 5 digits). Instead you’re getting a text from a 10 digit number with an area code, which means it’s a person/individual rather than an application or service.

source: used to work as cyber sec analyst

permalink
report
reply
31 points
*

(5) grammatical error(s): “We will ship again in” instead of “we will ship again on

Edit: more subtle errors and phrasing that feels like it was written by a non-native English speaker.

permalink
report
parent
reply
24 points

(6) USPS tracking numbers are like 65 digits long, because they expect to track every hydrogen atom in the known universe individually.

permalink
report
parent
reply
5 points

Yeah the first bullet copy with the comma and wrong preposition is clearly unprofessional. These scams always use poor contrasting red warning text as well.

permalink
report
parent
reply
1 point

I heard a theory that they put mistakes in intentionally to filter for dumb people.

Doubt that’s true, but it’s a funny idea.

permalink
report
parent
reply
1 point

You’re absolutely right, of couse, but keep in mind that communications is still mostly done by people and people are generally fucking stupid.

permalink
report
parent
reply
7 points

I’ll add how is it that they could not know the address of the recipient, yet would know their phone number?

Either the recipient is totally unknown or they know the address. The last thing they would know about a recipient is the phone number.

permalink
report
parent
reply
2 points

That’s interesting I didn’t think about that fourth point, but whenever I get a verification SMS it does always come from a 5 digit number.

permalink
report
parent
reply
5 points

That one is not hard evidence though, for example delivery drivers from FedEx in my area send text messages from their actual phones announcing an upcoming delivery.

The messages are still standardized, so I’m assuming they are company phones and send pre-programmed messages from templates, but if I call that number, I’ll actually speak to the person handling my delivery.

permalink
report
parent
reply
64 points

A tangent:

What annoys me is when legitimate companies use non-standard URLs in their hyperlinked emails. For example, if you get a message from Facebook taking you to facebookemail.com, that’s actually a domain controlled by the real Facebook.

They’re essentially teaching their customers to click on links in emails which use unfamiliar URLs which are superficially similar to the usual one.

permalink
report
reply
7 points

They probably want to separate their customers from getting up to stupid spammy behaviour and getting the domain blacklisted from their ability to deliver their own official Facebook email notifications. There probably ought to be better ways to do that, but the fact Facebook went “yeah, we gotta register the shitty domain facebookemail.com” makes me think they’re working around a crappy limitation of smtp email.

permalink
report
parent
reply
10 points

There ought to be no limitation with, say, email.facebook.com. Sure, have the domain facebookemail to prevent bad actors grabbing it, but only use it as a redirection.

I don’t think there’s mail server software in existence that would choke on a subdomain like that. There might be a few mail admins too easily confused to be able to set it up, but I doubt there are any of those at Facebook.

That said, most people aren’t going know that a subdomain is safer than a legitimate looking alternative, so maybe it’s all moot.

Tangentially, it seems that someone has squatted on facebook-email.com (note the hyphen), so I expect that Zuck’s lawyers are crawling all over whoever’s done that.

permalink
report
parent
reply
3 points

I’m not up to speed on exactly how spam filters blacklist domains but I strongly suspect if Gmail thought spam was coming from email.facebook.com then it would restrict facebook.com too. That’s the only reason I can think of for creating such a clunky domain; it’s that a neater looking sub domain won’t avoid the problem - hence having to register something completely different.

permalink
report
parent
reply
2 points

It’s been a while since I’ve been in tech. Is there any kind of DNS reason why you’d want email coming from a different domain? Like to skip steps in DNS resolution by going straight to a domain name instead of resolving a subdomain to the main domain?

permalink
report
parent
reply
5 points

Congratulations, you belong to the 3% of users who know what a domain is and why that matters. Everyone else uses Google (or DuckDuckGo because “Google bad”) to search for their favorite websites every time.

permalink
report
parent
reply
2 points

Google has one that is the most suspect url in existence, I don’t remember what it was but I verified it three different ways to be sure.

UPS apparently subcontracts their hiring to fucking Indonesia so you’ll get people working in a phone bank overseas asking for personal information.

permalink
report
parent
reply
4 points

Goo.gl was one of theirs.

permalink
report
parent
reply
2 points
*

That was it, what the fuck Goo.gl

Edit: looks like it was part of a URL shortening system they deprecated for this exact reason, so at least they learned

permalink
report
parent
reply
58 points
*

Why the fuck did you click a link like that in the first place? That first message is basically screaming at you that it’s a phishing attempt.

Best opsec is to delete and block, ideally without opening it at all to avoid read receipts (if that’s a function in your phone). If you think it might be legit, go to the website on your own and find a way to confirm independently. If that’s still too much to follow through with, at the very least don’t click random links sent to you unprompted.

permalink
report
reply
15 points

Hey dude, you had an opportunity to educate someone and instead you belittled them. As someone who works in cyber, please don’t do that. People get stigmatised against cyber and IT professionals and they stop trusting us. Users don’t know what we do, so be kind to them the way you should be kind to anyone learning new things. https://xkcd.com/1053/

permalink
report
parent
reply
1 point
*

Could someone educate me on the possible damage clicking a link can bring, assuming I’m not interacting with the website any more than that?

Not doubting there’s damage, just curious. I’d think they’d get some maybe usable info from fingerprinting or something? Could javascripts lead to more serious problems?

permalink
report
parent
reply
5 points

If you do nothing but click the link and then close the resulting website without clicking anything else, all that will happen is that they’ll know you’re someone who clicks such links and you’re likely to get more of them.

permalink
report
parent
reply
4 points

The least it wil do is confirm your email to be in use for further scams.

permalink
report
parent
reply
3 points

There could theoretically be a vulnerability in your browser that would allow them to infect you with viruses, but such vulnerabilities are much much more valuable used elsewhere (or cashed in through security research bounties). One I’ve seen is that the page further phishes you into downloading and installing an “update” to your browser that’s really a virus, or they simply try to phish you out of money, for example by asking you to pay the shipping costs again.

It’s also a way to build lists of who actually clicks the links, that they resell to the next sucker (scamming is suckers all the way down, they all buy The Next Big Technique from some guy), ensuring you will get further spam in the future.

There’s actually a fun technique to do to avoid further spams when it comes to voice calls. A little know fact is that elevator call buttons are actually just phones that have a phone number, and if you dial the number, it will automatically answer and you will hear whatever is in the elevator (generally nothing). If you pick up but don’t say a word, their automated systems will flag you as an elevator phone number and they will stop calling in order to stop wasting resources on calling numbers that won’t lead to money.

permalink
report
parent
reply

Ask Lemmy

!asklemmy@lemmy.world

Create post

A Fediverse community for open-ended, thought provoking questions


Rules: (interactive)


1) Be nice and; have fun

Doxxing, trolling, sealioning, racism, and toxicity are not welcomed in AskLemmy. Remember what your mother said: if you can’t say something nice, don’t say anything at all. In addition, the site-wide Lemmy.world terms of service also apply here. Please familiarize yourself with them


2) All posts must end with a '?'

This is sort of like Jeopardy. Please phrase all post titles in the form of a proper question ending with ?


3) No spam

Please do not flood the community with nonsense. Actual suspected spammers will be banned on site. No astroturfing.


4) NSFW is okay, within reason

Just remember to tag posts with either a content warning or a [NSFW] tag. Overtly sexual posts are not allowed, please direct them to either !asklemmyafterdark@lemmy.world or !asklemmynsfw@lemmynsfw.com. NSFW comments should be restricted to posts tagged [NSFW].


5) This is not a support community.

It is not a place for ‘how do I?’, type questions. If you have any questions regarding the site itself or would like to report a community, please direct them to Lemmy.world Support or email info@lemmy.world. For other questions check our partnered communities list, or use the search function.


6) No US Politics.

Please don’t post about current US Politics. If you need to do this, try !politicaldiscussion@lemmy.world or !askusa@discuss.online


Reminder: The terms of service apply here too.

Partnered Communities:

Tech Support

No Stupid Questions

You Should Know

Reddit

Jokes

Ask Ouija


Logo design credit goes to: tubbadu


Community stats

  • 11K

    Monthly active users

  • 3K

    Posts

  • 104K

    Comments