Malicious text message (USPS)

xrobwx71

I received a text message today copied below.

From a phone number with an Indonesian exchange of +62

It's supposedly from the USPS (United States Postal Service) (with an Indonesian exchange)

U‏S‏‏‏‏PS Noti‏fication: Your par‏cel is temporar‏ily on hold at our facil‏ity due to insuffic‏ient ad‏dr‏ess infor‏mation. Please provide a valid de‏‏livery‏ addre‏ss to avoid returning the packa‏ge.
URL:Removed
Wishing you an exceptional day from the US‏‏‏P‏S tea‏m.



Congratulations! Your analysis is done and available at: https://www.hybrid-analysis.com/sam...6c061263802cf5a58fec28fedbb?environmentId=160

--- Falcon Sandbox Analysis Overview ---

https://www.hybrid-analysis.com/sam...f295b81bfcfb4318b46c061263802cf5a58fec28fedbb

--- Falcon Sandbox Analysis Summary ---

Analysis State: SUCCESS
Threat Verdict: malicious
Threat Score: 82/100
AV Detection Ratio: n/a
AV Family Name: n/a
Time of analysis: 2024-06-26 16:58:38
Contacted Domains: a.nel.cloudflare.com, cutt.ly, usom.mzlrpdma.top
Contacted Hosts: 104.22.0.232, 172.67.189.63, 172.67.189.63, 35.190.80.1, 35.190.80.1
Environment: Windows 10 64 bit (ID: 160)
 
Report spam and block. If you're expecting a package, there are plenty of valid routes to check on it and UPS, FedEx, etc. will never send a text, unless you sign up when expecting a delivery. They won't send spam.
 
What's the deal with it being old? I'm not trying to be the first to announce. It's still relevant as I got it today.

The goal:
I've posted this experience on about 7 sites I'm a member of in the hopes it will help steer at least one person clear of being phished.
 
What's the deal with it being old? I'm not trying to be the first to announce. It's still relevant as I got it today.

The goal:
I've posted this experience on about 7 sites I'm a member of in the hopes it will help steer at least one person clear of being phished.
At this point anyone that falls victim to this specific form of phishing should have all Internet access rights permanently revoked. You can't fix that level of stupid.
 
What's the deal with it being old?

Because certain things have been "around" and "around the block" long enough that warnings are just not really necessary.

It's akin to warning people about the Nigerian Prince email scam. If you don't know about it by now, you really have been living under a rock.

It's not like you were being attacked, either, but this is one of those things like giving a warning that water is wet or fire is hot. It's just so well known by those who are "of a certain age" that repeating it serves little purpose.
 
I don't understand. You received a text message but the link contains malware designed for a Windows environment??
 
My cell phone number is over 25 years old...all of it being in IT and fairly heavily advertised/listed.
Big target for smishing. Luckily on the Google Pixel...the spam blocking of both the phone calls, and the texting...is very good, so I don't see much of them on the phone. However, since I use Phone Link app on my computers to connect to my phone...that doesn't filter them out, and I'll see just how many dozens of smishes like this I actually get each day.
 
@YeOldeStonecat I have a Pixel specifically because of that filter! I too have had this number forever, about the same length of time you've had yours. And it just gets bombed; without the Pixel filters my phone is useless!
 
@YeOldeStonecat I have a Pixel specifically because of that filter! I too have had this number forever, about the same length of time you've had yours. And it just gets bombed; without the Pixel filters my phone is useless!

Yes...it is the best built-in filter...and I'll say, better than the 3rd party ones too...free, or paid. Many of those 3rd party ones just harvest your info and hand it out anyways.
 
I've given up on reiterating the risks of all of these scams. I just keep telling them if you weren't expecting "it" bin it. If you really think it's legit you have to have a voice phone conversation using known numbers before moving forward.
 
I just keep telling them if you weren't expecting "it" bin it.

^This

And in regard to other "related" scams trying to get you to click through on links, you simply don't. If you suspect something might actually be real, then you go to the website of the entity that seems to have sent it to you "by hand," log in, and check your messages there. If the thing is real, what it wanted you to do will be reiterated and you then know, without doubt, that you are in your own account and the request is legitimate.
 