Cybercriminals send fake delivery alerts with a PDF attachment, tricking you into entering personal and financial information.
In a recent text message phishing (smishing) scam, cybercriminals send you a text that appears to be from the U.S. Postal Service (USPS). The text says that you have a package at the post office that cannot be delivered due to an incomplete address. The message contains a PDF file and directs you to open it to complete your address.
You are then directed to click a button in the PDF file, which takes you to what appears to be a USPS web page. The page instructs you to enter your address, personal data, and credit card number so the USPS can attempt to redeliver your package. The catch is there never was a package. The USPS page is actually fake and controlled by cybercriminals. If you enter any information here, cybercriminals will be able to steal it immediately!
Follow these tips to avoid falling victim to a smishing scam:
- This smishing scam claims to be from the USPS, but be wary of any unsolicited text messages from unknown numbers. If you aren’t sure if a message is legitimate, delete or report it.
- Don’t reply to unexpected text messages, even to say “STOP” or “unsubscribe.” If you have any questions regarding delivery, contact your local post office directly.
- Never click on any attachments or links from suspicious text messages or emails.
Stop, Look, and Think. Don’t be fooled.
KnowBe4 is the world’s most popular integrated platform for awareness training combined with simulated phishing attacks. Let Keller Schroeder show you how KnowBe4 has helped thousands of organizations just like yours manage the continuing problem of social engineering. Contact us today to learn more.
DISCLAIMER : Any non-technical views expressed are not necessarily those of Keller Schroeder or its employee-owners.
