The holiday shopping season has been in full swing for the past couple of months. As we get closer to the festivities and gift giving, scammers are taking advantage of the increase in online shopping activity using fake delivery texts scams.
If you received these messages claiming that something is wrong with your package, you're not the only one. In fact, the USPS has put out a warning to customers about these smishing scams.
"It's that time of the year -- mistletoe, Christmas trees and scammers hammering consumers with fake texts about your package delivery from USPS, FedEx or other services," said Richard Bird, chief security officer at API security firm Traceable AI.
According to a new CNET survey, 66% of US adults are scared of falling for a scam this holiday season, with fake text scams, also known as nondelivery package scams, at the top of the list. By sending these texts, scammers hope to steal your personal or financial information after you click the link. These texts may even look legitimate, but there are ways to avoid falling for them.
How do fake delivery package scams work?
A fake package scam is a text or email sent by a cybercriminal hoping to trick you into sharing personal or financial data. These texts, which can look like delivery tracking notifications, often indicate that something is wrong with your package. They may ask you to click a link to verify your shipment or fix payment details.
The danger of nondelivery package scams is that anyone can fall for them -- especially during busy seasons of online shopping like the holidays
Like other scams, cybercriminals want to trick victims of nondelivery package swindles into acting without thinking.Â
"These scams usually create a sense of urgency," said Brian Cute, COO of the Global Cyber Alliance. "Their aim is to trick people into clicking on malicious links or sharing personal data."
If you receive one of these messages and mistakenly click the link, you'll be redirected to a site mimicking USPS, FedEx or another courier. Opening the link can also lead to malware being downloaded onto your personal device.
Why am I being targeted in these scams?
If you've received these messages, or any other correspondence that look like scams, your personal identifiable data may have been compromised in a data breach and leaked on the dark web. Scammers use this personal data to craft personalized messages tailored to you or just send more out in hopes of a higher success rate.Â
"Unfortunately, the information scammers use has been collected from dozens, if not hundreds, of hacks of your personal data," Bird said.
Two of the largest data breaches this year involved background check company National Public Data and medical software provider Change Healthcare. Hundreds of millions of people were impacted by these breaches.Â
As the adoption of artificial intelligence becomes more widespread, cybercriminals are also using the technology to streamline communication, according to Jeff Scheidel, COO at authID.ai, a biometric authentication software company.
"AI has allowed scammers to produce more authentic-looking messages, making it harder for consumers to spot red flags," he said. "Many messages prompt immediate action to create a sense of panic."
How can you avoid package scams?
Look for typos in both the message and provided URL of a message. Poor grammar and generic greetings like "Dear Customer" are other signs the message you've received may be a scam. Â
You should also do the following before reacting to the message:
- Ask yourself did I sign up for tracking notifications? If not, "be wary of texts or emails claiming to be from a delivery service," Cute said.
- Verify links and information directly with companies. Instead of clicking provided links, visit the delivery service's official website to track your package or contact the retailer.
- Look for red flags. Be suspicious of any payment requests or a sense of urgency to fix an issue.
What to do if you fall for a package scam
If you think you might have been duped by a nondelivery package scam, take these steps to try to limit the fallout:
Contact your bank or credit card company
You should report fraud to your bank or credit card issuer after falling for any scam. In the case of package scams, your financial institution may not be able to get back your funds, but it will help protect your account.
Report the incidentÂ
There are a number of agencies you can report these scams to.Â
- Forward suspicious text messages to the FCC at 7726 (SPAM).
- Contact the FTC and FBI's Internet Crime Complaint Center to inform them of your case.
- You can additionally report scam messages to the United States Postal Inspection Service at spam@uspis.gov or report it via their website. Similarly, send scam emails impersonating FedEx to abuse@fedex.com. To report scams to UPS, click here.
Consider freezing your credit
Depending on the level of sensitive information you provided during the scam, you may opt to freeze your credit reports so that no one can open a new line of credit in your name. Â
Also, keep an eye out for any unusual activity on your bank statements in the weeks and months following a scam.Â
Sign up for identity theft protection
Finally, consider signing up for identity theft protection. These services can help monitor your personal information on the dark web and alert you if something is awry so that you can take necessary steps. Individual plans start at about $7 to $15 per month. ID theft protection services normally come with cybersecurity tools like password managers and antivirus protection and identity theft insurance.Â
Protect your personal data and get peace of mind with CNET's top pick for identity theft prevention software.
