BrianKrebsOct 10, 2023

Recent weeks have seen a sizable uptick in the number of phishing scams targeting U.S. Postal Service (USPS) customers. Here’s a look at an extensive SMS phishing operation that tries to steal personal and financial data by spoofing the USPS, as well as postal services in at least a dozen other countries.

I like to show my work, and went pretty far down the rabbit hole with this one:

https://krebsonsecurity.com/2023/10/phishers-spoof-usps-12-other-natl-postal-services/

Phishers Spoof USPS, 12 Other Natl’ Postal Services – Krebs on Security

Show threadFinchHaven sfbaOct 10, 2023

@briankrebs

I see probably five or six of these a week

Which is why I do *not* do email on my phone

Thunderbird, desktop only

That way I can inspect every URL with a mouse hover and not have to touch anything

Not to mention being able to look at Full Headers, which I hardly ever bother with, because this cr*p is so ludicrously obvious

Show threadBrianKrebsOct 10, 2023
@FinchHaven yeah, so many people are like, I can't believe suckers fall for domains ending in .top and .click, they're so obviously phishing. Yeah, but that assumes you can actually view the whole url on your mobile easily, which isn't a simple thing for a lot of users.
Show threadFinchHaven sfba

@briankrebs

Exactly

Sitting ducks, really

If people are even aware of the threat

Oct 10, 2023 at 12:14amWeb