Holiday shopping season is here, and thanks to the pandemic, we’re doing more online buying than ever before. Unfortunately, this has also led to a rise in scams designed to harvest your personal information.
One of the most recent rackets, according to the Better Business Bureau, is a text scam that purports to be from a mail carrier like UPS, FedEx, or the United States Postal Service (USPS).
These messages, which have already hit thousands of phones across the country this holiday season, “inform” the person on the other end that they have an overdue package waiting for them. To get it delivered, they need to click on a link that—whoops!—actually exposes their phone to harmful malware. Eager eyes on Reddit have pointed out that the messages tend to look like some variation of the following:
Howard Dvorkin, a consumer advocate and CPA in Fort Lauderdale, Fla., tells Money that while many of us are struggling to find employment (and pay for gifts this year ) fraudsters are working harder than ever.
“In early June, the FBI told the Senate that the number of fraud complaints for the first part of 2020 was almost the same as for all of 2019,” he says. “Americans have lost a whopping $194 million to COVID-19 related scams. In my almost three decades of experience, I’ve never seen more determination among fraudsters.”
Fraud is, amongst other things, a volume business, in which scammers target a wide swath of consumers in hopes of tricking a few victims. With so many Americans knocking out their holiday shopping online this year, “scammers don’t have to cast a wide net to catch someone who will click on the link,” says Amy Nofziger, Director of Victim Support for the AARP’s “Fraud Watch Network.”
The way this text scam works is to get victims to click on an attached link, which sends them to a form asking them to enter personal information (like bank account info) in order to receive a non-existent package.
This doesn’t just give fraudsters access to sensitive information, Nofziger says. In many instances, identity thieves use this trick to download malware onto your phone, which can lead to all sorts of unpleasant consequences, including, “stealing [additional] personal information off your device, or having your phone send out revenue-generating SMS messages,” she says.
In a worst-case scenario, “It can even have the criminals lock your device and demand a ransom payment,” Nofziger says.
Signs you may have already downloaded malware onto your phone include slow running speeds, the inability to download new apps, and an increase in pop-ups. Nofziger recommends checking with your phone manufacturer for more detailed information on the best way to detect—and get rid of—malware. And to prevent this from happening in the first place, learn how to tell a real mail carrier text alert from a fake one.
According to Nofziger, a common red flag for this sort of scam is an email address that doesn’t match the shipping notice in your original email from the company. If you never received a confirmation email, or the text claims the package is a gift from an anonymous sender, call UPS, FedEx, or USPS directly to see if you’re being had.
“Keep track of the receipts and shipping information,” she says. “Most stores will provide information in your order about who the shipping carrier is and when the package is expected to be shipped.”
If the text message addresses you with a generic “dear customer,” that’s another red flag, Nofziger says. But don’t assume someone who got your name right can be trusted.
“Still be cautious,” she advises. “Is the text or email asking you to click on links or provide personal information? If this is a legitimate package issue, they will already know your information and it will just be an update.”