There’s been a rise in smishing texts claiming a package cannot be delivered due to incorrect address information. Nope, that is not a typo. Smishing is a real word (SMS + phishing = smishing), and it’s a form of social engineering that exploits SMS text messages that may contain email addresses, phone numbers, or links to webpages. An example of this is shown below:

In this example (look at the blog featured image for more info), a hacker entices a user to click a link in order to address a package delivery issue. When clicked, the link directs the user to a fairly convincing United States Postal Service webpage imitation, requesting name, physical address, email address, and phone number. The website contains multiple processes and redirects, one of which appears to post collected information to a Chinese IP address as you can see from the third image. 

If you ever get a text message inviting you to click on a link, and your spidey senses start to tingle, don’t click on the link! Instead, take a screenshot and send it to us to examine for you. Always better to be safe than sorry. 

Incidents should always be reported on https://www.cyber.nj.gov/report (the NJCCIC Cyber Incident Report Form).

With any further questions, contact us here at Cyber Command.