+

Cookies on the Business Insider India website

Business Insider India has updated its Privacy and Cookie policy. We use cookies to ensure that we give you the better experience on our website. If you continue without changing your settings, we\'ll assume that you are happy to receive all cookies on the Business Insider India website. However, you can change your cookie setting at any time by clicking on our Cookie Policy at any time. You can also see our Privacy Policy.

Close
HomeQuizzoneWhatsappShare Flash Reads
 

I'm a smug 30-year-old who thought only Luddites like my mom fall for 'smishing' scams. Then it happened to me.

Aug 26, 2023, 19:18 IST
Business Insider
It looked legit, but in hindsight, there were a few clues it was fake.Insider
  • I'm a smug 30-year-old journalist who grew-up (mostly) computer literate.
  • It wasn't enough to stop me from giving my credit card information to a USPS smishing scam.
Advertisement

My mother — a fierce, street-smart, "boomer" — can accomplish anything she puts her mind to. But when she does, it helps if there are no computer skills necessary. Because she doesn't have many.

About five years ago, when I noticed she started using her phone to buy things online — or to tweet photos of our 15-year-old family dog to Ellen DeGeneres fan accounts, thinking she had a direct line to her favorite person in the world — the panic set in.

Ever since, I've been bracing for the moment she would get a call from some scammer telling her that me or my sister had been kidnapped, forcing her to run out and drain her modest retirement account, load it onto gift cards, and send it to some faraway warehouse or PO box. Or, even more likely, when she's baited into paying a scammer for the opportunity to meet Ellen.

Anytime she shared a story about a "sweepstakes" (usually Ellen related) or website (also Ellen) that she signed up for, I would immediately launch into a slightly condescending lecture about the threat of scammers and shame her for clicking unfamiliar links online.

But thankfully, my mom hasn't had her identity or credit card information stolen.

Advertisement

But now I — a smug Millenial journalist who practically grew up online — have.

Awkward.

It started with a text message

This is the text the scammers sent me.Haven Orecchio-Egresitz

When my (non-biological) grandmother moved to Norway, I sent her a small package with some art my 1-year-old made.

So when I got a text message claiming to be from the United States Postal Service saying there was a problem delivering my package, I'll admit, my Spidey senses did go off. I did think it was probably a scam.

But I went to the link anyway, just in case. I didn't want Mommo to never get my daughter's priceless package!

Advertisement

The scam website looked a lot like the real thing

Can you spot the differences between the two websites? The fake one is on the left and the real one is on the right.Insider; USPS

I opened the link on my phone. I was suspicious. I then opened it on my laptop so I could click around and make sure it was actually the USPS. I am a prudent internet user, after all.

It seemed legit. It linked to a page about "informed delivery" and I am an Informed Delivery subscriber. I like to know when my late-night Halloween decor purchases are arriving before they hit my doorstep.

It also had a tracking number, an FAQ page, and other indicators that left me satisfied.

I went back to my phone, entered my home address — which in retrospect I'm not sure why they'd need that — my email address, and my phone number.

Then the red flag that trumps all red flags appeared: it asked me for my credit card information for a $o.30 redelievery fee. I thought — this doesn't feel right, but what the hell.

Advertisement

WELP.

Finally, it prompted me to enter the verification code it sent to my phone. It also had a timer to do so.

I never got a code. After checking all my spam folders to make sure, I realized I HAD BEEN GOT.

With a heart full of shame, I reported the scam

I am ashamed.Haven Orecchio-Egresitz

I called my husband, a web developer who also works in IT. You know, that sassy department that sends you scathing emails warning you not to fall for phishing attempts.

He was displeased. And also, not quite as surprised as I was that I could fall for something like this. I'm offended, to be honest.

Advertisement

My husband tried to call the bank to report fraud. That call, however, was interrupted by their call. The bank had detected fraud and was already letting him know about it.

He cancelled the card and no money was lost — that we know of.

I also let my IT department know because I opened the link on my work laptop. (Please don't fire me.)

Then I began Googling everything about the USPS scam. I should have trusted my gut.

The USPS says they don't send tracking texts or emails with links in them

The USPS has an entire webpage warning people about "smishing," the name for scams conducted via text message.

Advertisement
The USPS warns about smishing. What a stupid name.Haven Orecchio-Egresitz

The USPS does have services to track packages, but you'd have to ask for it and initiate the text yourself. (I had not, so, my bad.)

These alerts from the actual USPS won't contain a link, and apparently wouldn't cost any money. Shame on me for thinking our postal service was milking me out of $0.30.

The website also asks that you report any smishing attempts to spam@uspis.gov. I have since done that, with shame in my heart.

This whole ordeal serves as a lesson that I am not above these sophisticated scam attempts.

Maybe I will be less smug the next time I have to write about the poor, well-meaning grandmother who was duped out of her retirement savings.

Advertisement

She, at least, (hypothetically) thought her loved-one's life was in danger. I thought my daughter's handprint art might be lost in transit.

Who's the bigger fool?

You are subscribed to notifications!
Looks like you've blocked notifications!
Next Article