On top of all the other fracas currently facing our country’s postal service, the USPS name is at the center of a string of phishing schemes slamming phones nationwide, with some folks claiming these texts have ties to a massive, multinational sex trafficking operation—while offering no evidence to back it up.
For those lucky enough not to have received these texts, the scheme generally works like this: you get a text from a mysterious number claiming that your delivery from USPS, FedEx, or another delivery service is experiencing some sort of issue in transit that requires your urgent attention. Because our country’s post offices are in a state of literal crisis right now, and because the text includes a legitimate-sounding (but in fact phony) tracking number, you click on the link they provide.
What happens next is up to the scammer behind the text, but generally they’re trying to get your credentials—most often in the form of a credit card number. In the example security researcher Eric Ellason unearthed in this tweet thread, the link that supposedly provided access a supposed USPS shipment actually led to a domain that did nothing but infect your browser (or phone) with malware.
The current wave of texts hitting countless phones across the country might seem like a new threat, but it’s actually been around for a while. Back in February, the FTC put out a notice warning people to be skeptical of any potentially scammy tracking codes being sent their way. And then at the start of this month—likely spurred on by the new round of phishing attempts—the Better Business Bureau put out its own memo warning folks about some popular “delivery scams,” including the phony text from FedEx or USPS. It’s spam, plain and simple.
But of course that couldn’t be the end of it, because this is 2020, and people with too much time on their hands love tying mundane happenings to vast conspiracies—the sale of human lives in particular. As Insider first detailed, one of the more notable examples involved one Instagram poster claimed the links in the text were planted to covertly track the location of vulnerable women, to eventually traffic them, rather than acting as a malware vector to steal their credit card numbers. Similar posts have been seen circulating across Facebook, with one becoming viral enough that Facebook eventually felt the need to note that the claims the user were making were, indeed false—but only after thousands of users had shared it, Qanon diehards co-opted it, and an untold number of women got way more freaked out than they had any need to be.
These rumors got so bad that the Polaris Project—a nonprofit that combats trafficking—put out a statement begging people to stop flooding their real sex trafficking hotline with this completely unverified horseshit. It’s sadly not the first time, either. The organization had to do the same when its phone lines were flooded with similar “tips” regarding the e-commerce giant Wayfair, which can naturally also be sourced back to the Qanon community.