I received this message the other day via a text to my phone (DO NOT VISIT THAT LINK):
U.S. Customs: You have a USPS parcel being cleared, due to the detection of an invalid zip code address, the parcel can not be cleared, the parcel is temporarily detained, please confirm the zip code address information in the link within 24 hours.
**https://usps.com-renewrma.top/us**
(Please reply with a Y, then exit the text message and open it again to activate the link, or copy the link into your Safari browser and open it)
Have a great day from the USPS team!
Are you one of those people that sees something like this, gets excited, clicks on the link, only to find yourself the victim of a fraud? You are not alone. In fact, I would guesstimate that this fraud has a better than 50/50 chance of ensnaring its target. Let us break it down.
First, what happens when you see a message like this? For most people, it will cause a dopamine response…excitement! Curiosity! I have got something! Someone likes me! Whatever it may be, there is that innate human emotion that causes us to bypass any rational thought and common sense. We select the link, follow the instructions, and the next thing, we have been ensnared, sometimes losing thousands of dollars and even our own identity.
I learned a long time ago: I cannot control my first thought, but I can control my second thought and so on. My first thought when I saw this was, “oh, I’ve got a package I need to tend to.” My second thought said, “pause, take a deep breath, and count to 10.” I read it again and I ran the following common-sense checklist against the text message:
- LEGAL: The US Government will NEVER text or email you asking you for an answer to something via text or email. Not the IRS, not the FBI, not DHS, and certainly not US Customs. NEVER – so burn that into your brain right now. I do not care how legitimate it looks or sounds, NEVER!
- GRAMMAR: Did you notice they wrote “can not” instead of “cannot?” When you see words or phrases that are misspelled or misused, this is a RED FLAG! Read carefully. By pausing and coming back to the message, I was able to recognize the misuse on my second pass.
- URGENCY! Please respond within the next 24 hours. I love it when scammers or anyone for that matter hits me with urgency. I like to run the “or what?” question through my mind and better yet, verbalize it when I have the opportunity. What can I be receiving that is so urgent that it will change my life for the greater good? My luck, if it were legitimate, I would be receiving a box of broken Chinese trinkets out of Shenzhen. No thanks, I will pass.
- LANGUAGE: Who the hell calls a “zip code” a “zip code address?”
- TECHNICAL: Check out that URL! Seriously? Do you really think that is a legitimate URL? When I analyzed the URL, I saw the words “renewRMA.” This is my first clue they have used this scam previously posing as a government agency. They were targeting farmers since the USDA has an RMA (Risk Management Agency) geared towards providing resources to help farmers. This gives you a clue as to how insidious these people are.
- PROCESS: Send them a ‘Y’ and then come back to the text and open the link. In that moment, they would make the link “hot” and have me. Like someone catching some tuna, I would have the gaff in my side, be pulled onto the deck, flopping and flailing like a madman, only to be gutted and bled out. Sorry if the analogy does not sit well, but now you know why they call it “SPEAR PHISHING.”
- RELEVANCY: You have heard of “PHISHING,” but this was a “SPEAR PHISH.” How did I know? Easily…they provided an extremely specific piece of information: “copy the link into your Safari browser and open it.” How did they know I used a Safari browser? Unfortunately, this information can be easily recorded when we visit a website or fill out a form or our data is stolen from companies that we know and trust and do business with.
- LANGUAGE: “Have a great day from the USPS team!” Really!? You are kidding! This sounds like something a teenager would say to me!
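To make the TECHNICAL and PROCESS items above concrete, here is an added example (my own code, not part of the original post) that inspects the quoted link and message text offline, purely as strings, without ever opening the link. It shows why “usps.com-renewrma.top” has nothing to do with usps.com: the domain a registrar actually sells is the last two labels, and everything to the left is a subdomain the scammer picks freely. The allow-list of legitimate domains, the cut-down public-suffix table and the regular expressions are assumptions made for this demonstration; a production filter would use the full Public Suffix List and a much larger rule set.

```python
import re
from typing import List
from urllib.parse import urlparse

# The link and text quoted in the post above, examined as strings only.
# Nothing in this script opens, resolves or fetches the link.
SCAM_URL = "https://usps.com-renewrma.top/us"
SCAM_TEXT = (
    "U.S. Customs: You have a USPS parcel being cleared, due to the detection "
    "of an invalid zip code address, the parcel can not be cleared, the parcel "
    "is temporarily detained, please confirm the zip code address information "
    "in the link within 24 hours. (Please reply with a Y, then exit the text "
    "message and open it again to activate the link, or copy the link into "
    "your Safari browser and open it) Have a great day from the USPS team!"
)

# Assumption: the only domain a genuine USPS link should live under.
LEGITIMATE_BRAND_DOMAINS = {"usps.com"}

# Assumption: a tiny stand-in for the Public Suffix List. A real tool should
# use the full list (for example the `tldextract` package) so that names
# such as "example.co.uk" are split correctly.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}


def registrable_domain(hostname: str) -> str:
    """Return the part of a hostname that a registrar actually sells.

    Everything to the left of it is a subdomain chosen by whoever owns that
    domain, which is how "usps.com-renewrma.top" can contain the string
    "usps.com" without belonging to USPS.
    """
    labels = hostname.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def url_findings(url: str) -> List[str]:
    """Explain why a link's hostname does or does not belong to the brand it shows."""
    host = (urlparse(url).hostname or "").lower()
    owner = registrable_domain(host)
    findings = []
    if owner not in LEGITIMATE_BRAND_DOMAINS:
        findings.append(f"real domain is '{owner}', which is not an allow-listed brand domain")
    for brand in LEGITIMATE_BRAND_DOMAINS:
        if brand in host and owner != brand:
            findings.append(f"'{brand}' appears only as a subdomain label under '{owner}'")
    return findings


# Constructed rules mirroring the checklist items in the post. The patterns
# are assumptions tuned to this one message; real filters carry far larger rule sets.
MESSAGE_CHECKS = {
    "LEGAL: a government agency 'contacting' you by text":
        re.compile(r"U\.?S\.? Customs|\bUSPS\b|\bIRS\b|\bFBI\b|\bDHS\b", re.I),
    "GRAMMAR: 'can not' written as two words":
        re.compile(r"\bcan not\b", re.I),
    "URGENCY: a deadline measured in hours":
        re.compile(r"within \d+ hours", re.I),
    "PROCESS: asks for a reply before the link will work":
        re.compile(r"\breply with a\b", re.I),
    "RELEVANCY: names your specific browser":
        re.compile(r"\bSafari\b", re.I),
}


def message_findings(text: str) -> List[str]:
    """Return the name of every checklist rule the message trips."""
    return [name for name, pattern in MESSAGE_CHECKS.items() if pattern.search(text)]


def is_suspicious(url: str, text: str) -> bool:
    """Any URL finding, or two or more message findings, is reason enough to delete it."""
    return bool(url_findings(url)) or len(message_findings(text)) >= 2


if __name__ == "__main__":
    print("URL findings:")
    for finding in url_findings(SCAM_URL):
        print("  -", finding)
    print("Message findings:")
    for finding in message_findings(SCAM_TEXT):
        print("  -", finding)
    print("Verdict:", "delete it" if is_suspicious(SCAM_URL, SCAM_TEXT) else "looks fine")
```

Run as-is and the URL check reports that the real domain is com-renewrma.top and that usps.com is only a subdomain label; the message check trips all five rules. A genuine link such as https://www.usps.com/ produces no URL finding, because its registrable domain is exactly the allow-listed one.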
You may be wondering, who sent this text message? Where did it come from? This is the part of me that switches gears into “SEARCH and DESTROY.” This URL was registered on 10-07-2024 (3 days ago). I have an IP address and, like many hackers and scammers, they are fronting through Alibaba’s servers, much like Amazon provides secure server services, and using other services like Pastebin to dock the information they collect. They also show a physical location in Frankfurt, Germany, although that can easily be spoofed. In addition, when I scanned the URL, I found that 3 other security groups had already flagged this URL as “PHISHING” and “MALICIOUS.”
Lessons learned:
- You are more of a target than you realized
- No matter what, always be skeptical about clicking on any link you receive from someone you do not know or CANNOT verify, whether through text, email, social media, etc.
- When in doubt, do nothing. Delete it! If it is so important, trust me, whatever it is will eventually find its way to you, legitimately. You are not missing anything!
- PAUSE
- BREATHE
- Count to 10
- Use common sense
- HAVE A GREAT DAY! Sorry, I could not resist!
SOAR cares about your security and your privacy. We work hard to protect it but as can be seen in the example presented, sometimes the best security on a computer, phone, or network can be easily bypassed by manipulating someone to make a mistake on the very devices that are being protected. Security starts and ends with you. Always be skeptical and hungry for truth. If you want to learn more about how you can be secured by SOAR, contact us today for a free inquiry.
