Scammers are a creative bunch, aren’t they? When so much information and money is up for grabs on the internet, it’s only natural that the most clever and resourceful criminals will get away with the biggest score.
Whether they’re tricking users into thinking they owe back taxes or developing fake ransomware and sextortion emails, these cybercriminals truly put the “artist” in “con artist.” Tap or click here to see why you shouldn’t panic when you get a sextortion email.
And now, another tricky scam is making its way to phones across America. By pretending to be delivery notifications for packages, these texts will steal your data and financial info or sign you up for bogus subscriptions if you’re not careful. If you get one of these texts, here’s why you’ll want to just hit “Delete.”
FedEx fakery
According to ABC News and confirmed by several law enforcement agencies, people across multiple states have received fraudulent text message delivery notifications claiming to be from FedEx. Tap or click to learn more about fake delivery notification email scams.
These messages include a realistic tracking code, as well as a link for users to click to “set delivery preferences.” Clicking this link redirects unsuspecting victims to a malicious website that demands personal and financial information to “set up your profile.”
Once entered, the data is ultimately stolen by scammers. This includes data like email addresses, payment information, street addresses, names and more. With that information, it becomes simple for hackers to assume your identity and make fraudulent charges or open accounts in your name.
But that’s not the only variation of the scheme to keep an eye out for, either. This version arrives in a text message just like the other one, but that’s where the similarities end. If you open the link, you’re redirected to what appears to be an Amazon customer satisfaction survey. All it needs to know is your payment information and address and you’ll win a “prize!”
What’s the prize, you ask? On paper, the website says it’s something expensive like a gadget or health supplement. But in order to qualify, you have to agree to the terms and conditions. According to the fine print, this means “signing up for a $98.95 per month subscription” for restocks of your reward.
So not only are you getting your identity stolen, you’re also getting fleeced out of almost $100 per month in the process. Yikes!
To fight back against identity theft, we recommend our sponsor Identity Guard, which keeps track of your accounts and how they’re being used — no matter where they end up on the web. Get 33% off at IdentityGuard.com/Kim. Make sure to switch or sign up today and enjoy this amazing offer!
In a statement to ABC News, FedEx addressed the phenomenon and explained the difference between its notification approach and the scammers’:
FedEx does not send unsolicited text messages or emails to customers requesting money or package or personal information.”
FedEX
The statement also explained FedEx is constantly monitoring for questionable activity and works closely with law enforcement to stay on top of fakes. If anyone receives suspicious messages via text or email, FedEx strongly suggests they delete it without opening the message and report it to abuse@fedex.com.
Local law enforcement is also addressing civilians on the nature of this cyber scheme. Because the tracking numbers can look deceptively real, they’re advising everyone to be cautious by copying then pasting the tracking number into the official FedEx website to verify its authenticity.
SCAM 🚨 There is a new scam where you get a text with your name from Fedex (or another delivery service)and a tracking number. Do not click on the link. When in doubt about a tracking number go to the main website of the shipping company and search the tracking number yourself pic.twitter.com/EoG1C07OLf
— Duxbury Police (@Duxbury_Police) January 21, 2020
I get text notifications for my packages! How can I spot the fakes?
Although we never recommend clicking on links you get in unusual text messages, it can be safe if you know where it’s coming from. The problem with these phishing messages is they pretend to be from a reputable source: FedEx.
But real text notifications from FedEx look quite different than the sample you see in the tweet above. Official FedEx notifications contain a single link to FedEx.com and include your tracking number in the link.
Clicking authentic links takes you to a landing page where all you’ll see is delivery status. No “on-site updating” or “profiles” required.
RELATED: Tap or click here to learn how to spot phishing scams even better.
But following the scam link will land you on a page that looks very different from FedEx’s true site, and the URL won’t even properly match.
Here are some red flags that can clue you in to whether you’re dealing with a phishing scheme:
- The messages will appear urgent and will impose arbitrary deadlines and time limits to get you to act fast.
- Abnormal requests for information, money, etc.
- Abnormal URLs like “fedextracker.ru” instead of “fedex.com.”
- Excessive spelling and grammatical errors, as well as an overuse of exclamation points.
As with most things cybersecurity, your safety is in your own hands. Knowing the lay of the battlefield is crucial for survival.