It’s an all-too familiar cycle. New types of communication channels bring new types of deception. Telemarketing brought robocall scams, the growth of email brought about phishing, and now, as more companies communicate with customers through text messages, comes… smishing.
What’s smishing? A fraudulent text message pretending to be from a reputable source – your bank, for example, or the U.S. Postal Service. Usually the message tries to get the target to reveal personal information, such as passwords or credit card numbers, or to convince the recipient to click on a link that installs malware.
During an audit of the Postal Service’s social media activity, the OIG uncovered a smishing campaign which involved a third party posing as USPS, claiming to have a link to information about a package. In our recent Management Alert, Active Smishing Campaign Masquerading as the U.S. Postal Service, OIG auditors examined the Postal Service’s response to the attack.
We reviewed Postal Service social media channels as well as USPS.com and found that at the time the Postal Service had not provided any public notification of this campaign. However, in late October the U.S. Postal Inspection Service rolled out a smishing awareness campaign on its public website.
Alerting customers to potential fraud helps protect their personal information and preserves the Postal Service’s brand, reputation, and customer loyalty.