Saturday, December 24, 2022

USPS Postal Service Phishing Text Scam

A sophisticated professional computer programmer I know recently found himself victimized by a phishing scheme targeted at USPS (US Postal Service) customers.

The text he got read:

[USPS Tracking]: Your shopping address does not match the zip code, we cannot deliver,please re-enter complete information  Https:/s.id/1ttSP.  

As it happened, he received the text a few minutes after having left the Post Office, where he had just given them his phone number.

He had gone to the Post Office because he had been away from his second home longer than the USPS was willing to hold his mail, so he needed to stop the Post Office from simply returning the mail. Reestablishing his address was particularly urgent because he was expecting an important delivery that would otherwise be returned to sender.

He immediately spotted the typos ("shopping" instead of "shipping," and the lack of a space after the second comma) and even mentioned them to his son as an example of increasing incompetence within the Post Office. 

But because he had such a strong and pressing need to prevent his expected shipment from being returned to sender, and since he had just given the Post Office his phone number, he clicked the link.

That took him to a page that looked exactly like a USPS page, and even provided a tracking number.



He provided the requested name and address information, and clicked "continue."  It then informed him that he needed to verify his identity by providing a credit card number, which the "Postal Service" would then run a $1 temporary charge through, as verification.  He entered a credit card number, including the special code on the back, but received a message saying that the card couldn't be processed, and inviting him to enter another one.  He did so, and that one was accepted.

It was only after he got home that it first occurred to him that he might have been phished.  He retraced his steps and saw that the name of the site that the link had taken him to was https://susps.cc/#/, which seemed a bit suspicious.  He then looked at the phone number from which the text had come -- 914-531-3510.  A Google search for that number yielded 5 hits, all of which seemed to associate the number with various unusual-sounding names, and 3 of which associated it with the village of Mount Kisco, New York.  Not the Post Office, in any event.

He immediately cancelled the credit cards and presumably has emerged from the episode unscathed.  

My point in writing this up is that while it's easy for us to laugh at the typos in scam texts and assume that nobody would fall for them, each of us has moments when we let our guard down, and if the text comes in at one of those moments, even the sharpest among us can become victims.  

Assuming that the scammers sent out 10 million such texts, and had only a "success" rate of one in a thousand, that's still a thousand successes, and potentially two thousand stolen credit cards. As artificial intelligence and other technological developments make scamming more sophisticated, the success rates and numbers of compromised cards will only go up.

Saturday, December 10, 2022

Innovavisitpay.org scam

I had a hospital bill from Inova that I needed to pay, and I didn't remember my login so I just called the pay-by-phone option.  It told me I could pay online at "Inovavisitpay.org", but it didn't spell it for me.  I quickly typed in "Innovavisitpay.org" which looked like a hospital website and said something about putting patients first, and had a prominent link for Medical Billing Services.

It didn't look quite right to me so I checked the spelling and realized I had typed 2 n's instead of 1.  I typed it in correctly, got to the right site and was able to pay my bill.

Not sure exactly what would have happened if I had clicked on any of the options of the first site, but clearly it's some kind of scam, preying on people trying to reach Inova's billing software.

I tried googling Innovavisitpay.org in quotes and got literally zero hits, so while there is a hospital in Texas that uses 2 n's, this isn't that.  Maybe future googlers will end up on this site.

In my comments about Inova's service, I encouraged them to try to shut down the scam site.  But they probably don't have much incentive to do so.  We'll see.