Having been phish bait numerous times, we are wisely wary of emails inviting us to click on embedded links that either install malware or direct us to fraudulent websites. However, the immediacy and informality associated with texting may make us less cautious when receiving a fraudulent SMS message, aka “smishing.” Fraudsters are well aware of that tendency and happy to use it to their advantage.

Many of us have consented to receiving text updates for package deliveries from UPS, FedEx the USPS, and others. The increasing frequency of home deliveries, coupled with the rising threat of porch pirates, make these tracking notices extremely helpful. However, they also provide scammers a direct path to your pocketbook. For example, a recent one circulating purports to originate from the Post Office:

[4/19/21 8:14 AM] USPS: the arranged delivery for the parcel 1z01785 has been changed. Please confirm here: x7fqe.info/7KxnO4yCw.

Spotting these texts as illegitimate can be difficult; normally they do not have telltale typos and you cannot easily identify the true sender. Amazon even warns that “[f]raudsters can now insert their scam messages into a thread of legitimate messages that you might have received from us.”

It is especially important that you be at least as diligent with your texts as you are with your emails. Not all texts deserve a response. No text demands an immediate response. If you really need to track a package, logon directly to the carrier’s website and enter the necessary tracking information. Or go old school and use your phone for an actual phone call.

Check out our series, Privacy Perils, to learn what steps you can take to guard your personal and company data. For more information about this topic and other cyber security concerns, please contact a member of our Privacy & Data Security team.