Got a suspicious UPS text? Don't reply - it might be a scam. Here's how to tell

Elyse Betters Picaro / ZDNET

I've been anxiously expecting a bundle from UPS. That's wherefore a substance I received the different time caught my eye. Claiming to beryllium from UPS, the connection said that the bearer attempted to present the bundle connected June 27, but the transportation couldn't beryllium completed. The day was 1 successful which my woman and I were away, truthful this seemed morganatic astatine archetypal glance.

Also: Got a suspicious E-ZPass text? Don't click the nexus (and what to bash if you already did)

However, I've written plentifulness of cybersecurity stories, and I support abreast of the latest news successful the satellite of cybercrime. I cognize that UPS scam messages person been making the rounds, particularly astatine this clip of year. Naturally, my spider consciousness started tingling adjacent earlier I work the substance itself. But aft reviewing the connection and checking retired each the details, I realized this was intelligibly a scam.

Scammers similar to docket circumstantial types of scams for definite times of the year. During tax season, you'll spot a batch of scams that spoof the IRS. During the vacation season, gift-card scams ramp up. And during the summer, missed-delivery scams are fashionable since the crooks cognize that radical are often distant connected vacation.

How the UPS scam works

This peculiar UPS scam is simply a savvy one, astatine slightest successful immoderate ways. I received the connection connected my iPhone, with the sender labeled arsenic unknown. By default, links successful a substance connection from an chartless sender are disabled, truthful you can't click connected them to unfastened them. But the scammer utilized a sneaky instrumentality to get astir this obstacle.

Also: Clicked connected a phishing link? 7 steps to instrumentality instantly to support your accounts

You're instructed to reply to the connection by typing Y. Doing truthful past turns the scammer into a known sender. Open the connection again, and present the nexus is clickable. If that doesn't work, different enactment is to transcript and paste the nexus into Safari, wherever it takes you straight to the malicious website.

From there, the website prompts you to corroborate your interaction accusation if you privation to get your package. That means your name, address, telephone number, and sometimes a recognition paper oregon societal information number. If you instrumentality the bait, the criminals present person each those delicate details that they tin usage to bargain your wealth oregon your identity.

How I tin archer it's a scam

Beyond a wide consciousness of these types of scams, what different clues tipped maine off?

First was the sender's email address. Rather than follow an authoritative UPS sanction oregon address, the scammer utilized a random grip and domain sanction that had nary narration to UPS. The email code is casual capable to review. Always scrutinize it to spot if it seems morganatic oregon related to the company.

Also: I clicked connected 4 sneaky online scams connected intent - to amusement you however they work

Second, the connection conveyed a consciousness of urgency -- ever a motion of malicious intent. In this case, the substance told maine that my bundle would beryllium held by UPS for a specified 3 days earlier being sent backmost to the archetypal sender. That's a abbreviated timeframe without adjacent an attempted redelivery, which UPS usually tries earlier sending the bundle back.

Third, emails oregon messages from UPS mostly see a tracking fig oregon different means of identifying the package. This connection contained nary circumstantial details and was alternatively generic and vague, different motion of a scam.

How to support yourself

Add each those signs unneurotic with an consciousness of the existent trends successful cyber scams, and I knew this was intelligibly fraudulent. Aside from deducing the clues, however tin you support yourself from these types of scams?

1. Never respond to a substance connection directly. Instead, motorboat a browser and unfastened the website successful question, successful this case, the UPS site. Sign successful with your relationship if you person one, and cheque for immoderate caller messages oregon notifications. If you're expecting a delivery, you should find the accusation astir it connected the site. You tin besides ever telephone the institution straight to analyse further.
2. Never click connected a nexus oregon attachment. Apple wisely disables links from chartless senders. But if you bash ever person a substance oregon email with a nexus oregon attachment, ne'er prosecute with it. Again, cheque the related website separately.
3. Proofread the message. The substance I received was good written, but galore spam and scam messages incorporate typos and grammatical errors. Look for immoderate misspellings oregon different mistakes.
4. Check the company's website for help. Many companies similar UPS connection online proposal connected however to observe and debar scams. The UPS leafage connected "Protect Yourself From Fraud and Scams" looks astatine antithetic types of frauds and however to combat them.

Also: That weird CAPTCHA could beryllium a malware trap - here's however to support yourself

Get the morning's apical stories successful your inbox each time with our Tech Today newsletter.