Thursday, November 10, 2022

Sophisticated Attempt of Data Theft - Why You *Have* to Remain Vigilant

 I had an interesting experience last week that I'd like to tell you all about since it could potentially happen to you as well... The good thing is that my installed security stopped the potential problem, but I should have caught it myself.

Since we run a pretty busy practice, we order a lot of supplies.  Every day our UPS driver brings in several boxes.  We have all of our ordering pass through one employee to help us keep a handle on things, but I also order supplies on occasion for specific uses that I am better equipped to know.

Last week I had personally ordered 3 different things all coming in different shipments.  I wasn't sure how the orders would arrive.  We routinely receive things from UPS, FedEx, DHL, and the United States Postal Service.

On Thursday I was sitting at my desk when I received a text message on my mobile phone.  It came from a long distance number that was not in my contacts.  While that alone, would normally raise my suspicions, the message itself helped decrease those concerns.  The message read:

[US-PS]: We cannot deliver your package to you due to incorrect house number. Fill in the correct address online and we will redeliver

The message ended with a link to a website.  The message being from "US-PS" should have made me more cautious, but I thought "the postal service probably uses this all of the time."

I opened the link on my Mac and a webpage opened.  The address was to "" and there were all kinds of blank fields for me to fill out.

Fortunately I had used the US Postal Service website before and I knew their address was "" with NO hyphen.   The suspicious website had a tracking number for my package with a lot of fields  for me to fill in.  Before I clicked anything on the page or input any data, I opened another tab and went to the USPS website where I went to the package tracking page and input the number on the suspicious page.  The search came back with "no package found".

I returned to the suspicious tab and when I looked at it, by now a couple of my security programs popped up warning me that this page looked suspicious and NOT to enter any data or click any links.

Had I been busier or in desperate need of some supply I was expecting, I might very well have filled out the page and submitted the info BEFORE my security apps had caught it.   Fortunately my suspicions paid off and saved me, but I almost committed the cardinal sin of entering or clicking without a second thought.

It's a bit disconcerting knowing that my mobile number is out there in a database for scammers to use, but that is the price of being so connected, I suppose.  However, I wanted to make all of you aware of this situation in case something similar happens to you.

No comments:

Post a Comment