Phishing by Text Using Post Office Logo & Wording

I am receiving (just got another one) the following text; the image is the full-size version:

As you can see, I got this text on Wednesday, November 8th at 9:10 am.

The text says: “The USPS package has arrived at the warehouse and cannot be delivered due to incomplete address information.”

Please confirm your address in the link within 12 hours

Web link they want you to use: http://  usps . uspskkv . com

I am purposely putting spaces in so that no one actually tries to go there. This website is fake.

 

The real Post Office has different mechanisms to handle bad address situations (I am not going to tell you what the USPS would have done, so as to not give the spammers/criminals any more information).

The text as it is written is obviously (to me) problematic and is a phishing attack, or smishing, since it arrived as a text.

But just to confirm, I did a lookup on the domain name uspskkv.com, which has to be handled in a specific manner.

Interesting to note: the DNS of this domain is hostmaster.hichina.com

That is very interesting… why is the USPS now hosting in China? Obviously this is fake and criminal in nature.

Above is the screenshot of my command and its response (with the hostmaster.hichina.com info).

There are some things you cannot fake if you want to control or steal info, and DNS is one of them. If you want me to go to your server, which hosts the website that will take my info, then you have to tell my browser where to go. This process uses the DNS (Domain Name System).

So if I see the DNS server is in China, it definitely makes me think that this is a fake text.

What to do? Well, one has to get used to ignoring phishing or smishing attempts.

Prepare yourself and purchase my book, which has more examples of phishing and smishing, to help you defend your computing environment:

Too Late You’re Hacked Book ( set up a defense of your company with a security policy and more)

Too Late You’re Hacked Guide (with examples)

 

More texts are coming with slightly modified domain names. This one was sent on Nov 11, 2023 (the Post Office does not work on Veterans Day, which is red flag #1 🙂). Here it is: usps.uspsbjm.com

 

I did the DNS lookup and got similar results (from hichina.com).

(Not a screenshot this time; this is a copy and paste:)
------------------------------------------------------------------
 ; <<>> DiG 9 <<>> @localhost uspsbjm.com MX
 ; (1 server found)
 ;; global options: +cmd
 ;; Got answer:
 ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44696
 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
 
 ;; QUESTION SECTION:
 ;uspsbjm.com.			IN	MX
 
 ;; AUTHORITY SECTION:
 uspsbjm.com.		600	IN	SOA	ns7.alidns.com. hostmaster.hichina.com. 2023110723 3600 1200 86400 600
 
 ;; Query time: 252 msec
 ;; SERVER: 127.0.0.1#53(127.0.0.1)
 ;; WHEN: Sat Nov 11 20:42:13 2023
 ;; MSG SIZE  rcvd: 95
 ------------------------------------------------------------------

I suspect they have many more domains, as one can have an almost unlimited supply.
Any text created like this is 100% fake.
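
The check done by hand above can be scripted. The following is an added example, not part of the original post: it reads the SOA line from the dig output, turns the contact field into a mailbox (hostmaster.hichina.com reads as hostmaster@hichina.com), and compares the link's registrable domain with usps.com. The function names and the last-two-labels rule are assumptions made for illustration.

```python
import re

# Authority section copied from the dig output on this page.
DIG_OUTPUT = (
    ";; AUTHORITY SECTION:\n"
    "uspsbjm.com.\t\t600\tIN\tSOA\tns7.alidns.com. hostmaster.hichina.com. "
    "2023110723 3600 1200 86400 600\n"
)

SOA_RE = re.compile(
    r"^(?P<zone>\S+)\s+\d+\s+IN\s+SOA\s+(?P<mname>\S+)\s+(?P<rname>\S+)\s+(?P<serial>\d+)",
    re.MULTILINE,
)


def registrable(host):
    """Last two labels of a hostname. Assumption: no Public Suffix List
    lookup, which is adequate for plain .com names like the ones here."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def parse_soa(dig_text):
    """Extract primary nameserver (MNAME) and contact mailbox (RNAME) from dig output."""
    m = SOA_RE.search(dig_text)
    if m is None:
        return None
    # RNAME is a mailbox written as a name: the first unescaped dot means '@'.
    parts = re.split(r"(?<!\\)\.", m["rname"].rstrip("."), maxsplit=1)
    mailbox = "@".join(p.replace("\\.", ".") for p in parts)
    return {"zone": m["zone"].rstrip("."), "mname": m["mname"].rstrip("."),
            "mailbox": mailbox, "serial": int(m["serial"])}


def assess(link_host, dig_text, brand="usps.com"):
    """List the ways a link's domain and its SOA data differ from the brand."""
    findings = []
    reg = registrable(link_host)
    if reg != brand:  # decisive: the link is not under the brand's domain at all
        findings.append(f"{link_host} is under {reg}, not {brand}")
    soa = parse_soa(dig_text)
    if soa:
        # Supporting evidence only: real brands may also use third-party DNS hosts.
        if registrable(soa["mname"]) != brand:
            findings.append(f"primary nameserver {soa['mname']} is outside {brand}")
        if registrable(soa["mailbox"].split("@")[-1]) != brand:
            findings.append(f"zone contact {soa['mailbox']} is outside {brand}")
    return findings


if __name__ == "__main__":
    for line in assess("usps.uspsbjm.com", DIG_OUTPUT):
        print(line)
```

The first finding is the one that matters most: putting "usps" in front of the dot does not make a host part of usps.com, because the owner of uspsbjm.com controls every name underneath it.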
