Don’t Click that Link! A Sneaky New Postal Scam Is Making the Rounds

There are a few telltale characteristics in most phone or email scams, and if you know what to look for, you might be able to spot them rather quickly.

Phone scammers tend to rely on high-pressure tactics to keep you from thinking too deeply about the offer, such as a warranty offer that expires today or a threat to cut off your utilities that afternoon. They often request absurd amounts of personal information, and they may require you to make payment via untraceable methods, like prepaid debit cards, wire transfers, or even retail gift cards.

Email scams, on the other hand, often have some bizarre yet noticeable characteristics of their own. The infamous Nigerian prince emails usually start with a sob story and end with promises of millions of dollars, and they tend to address you with a strange greeting, like “dear most sincere beloved recipient.” Spoofed emails, which look like they came from a famous company, often contain strange spelling or grammar errors and unprofessional language, despite supposedly coming from the corporate office.

But one scam that a staff member at the Identity Theft Resource Center received contained very limited grammar errors, or at least they were the kind of errors that a lot of people might overlook. These tended to be issues with the commas or the apostrophes rather than misspelled words or faulty vocabulary.

There were still a few obvious signs, though:

  • First, the sender claimed to be the US Postal Service, and the email address even looked legitimate. You would have had to know that it isn’t a real in-house email address to spot that one. But the very first clue was in the subject line, which included a “parcel number.” The USPS uses tracking numbers, not parcel numbers, and a search for the term “parcel number” on the USPS website turned up zero results.
  • The above-mentioned grammar errors aside, the email itself was poorly formatted and without clearly recognizable paragraphs. Major corporations and organizations hire PR teams to make sure that all of their public correspondence is both easy to read and accurate.
  • The message openly stated that you had to click the included link on a PC (meaning no phones or tablets) with Microsoft Word installed. What does Word have to do with opening a website through a link? Nothing. But the macros that carry the virus to your computer are activated through Word.
  • Finally, the real prize was the link. If you hovered your mouse over the link you would see that the text in the email did not match the text in the link. A virus scan was quickly able to determine that the link contained malicious software.

So how do you avoid this type of danger when it’s getting harder and harder to spot the real emails from the phony ones? The ITRC is very knowledgeable about scam attempts, and they still had to look up the included “parcel number” at the USPS.com website to see that it wasn’t genuine. In order to stop a scam attempt in its tracks, you have to be very diligent about reading your messages before taking action. Stop and think before clicking any links that come to you via email or text, even from user accounts you think you know.


How much information are you putting out there? It's probably too much. We are here to help you stop sharing Too Much Information. Sign up for the TMI Weekly.

Read next: What Can a Thief Do With Your Wallet?

Pin It

Article Archives

 

ITRC Sponsors and Supporters 

 

 

 

 

Go to top

 

The TMI Weekly

Breaches here, identity theft there and invasions of privacy everywhere... Should you be worried and, if so, how can you protect yourself? Sign up now to receive The TMI Weekly and get the latest hot topics in identity theft, data breaches and privacy and helpful information on how to protect your information.