Skip to main content
Topic: A fraudulent text came to me asking me to click a link to update my addy (Read 484 times) previous topic - next topic
0 Members and 1 Guest are viewing this topic.

A fraudulent text came to me asking me to click a link to update my addy

they claim to be from the united states postal service and assert they have a package that needs delivered.
as i am poor and certainly haven't ordered anything i am expecting to receive i know this is a fraud but just to be sure the reverse phone number lookup clearly shows a non-governmental entity as the owner of the phone number texting me.

what i want to do is open the link to see what it shows but without compromising my pc.  is there any safe way to do this on linux?

ps, i called the number from a blocked number and left a voice mail addressing the person by name and threatening them with the fbi as it is across state lines from where i live they are calling me from.
Cat Herders of Linux

Re: A fraudulent text came to me asking me to click a link to update my addy

Reply #1
You shouldn't respond in any way because the scam may just be to see if the contact details are live, click on a link or return the message and you confirm they have found a real person so the details can be sold on to other scammers. Phone numbers can be faked as can email sender details, don't believe anything, everything about it could be bogus. Look up the procedure to report or forward these things in your country, follow them, then forget about it and find something more useful to spend your time on. Malware pros might use airgapped systems that get wiped and reinstalled, but that won't help you if they simply want a response. There could be various filters and blockers that can help, some phone or email service providers are better than others at avoiding this stuff.
 Some people engage in "scambaiting" as a hobby, there are online guides and services to assist you, probably not advisable but you did ask.  ;D

Re: A fraudulent text came to me asking me to click a link to update my addy

Reply #2
It's fraudulent.

I don't know about where you live but in the UK this is a massive one. And a lot of people fall for it.

Newest one I heard of (ex got stung) is they put their own stickers over the proper 'pay by phone' stickers on parking meters so people think they are texting the legitimate parking company. Get link back. Follow, Card details.... You know the rest. Thankfully for her bank was suspicious on the first fraudulent transaction and send her another text to confirm fraudulent transaction was her. No. Then blocked her card. No loss.

To answer your question, if you can't resist, spin up a VM, follow link and have a look, delete VM. Or take a snapshot of existent VM, afterwards revert to snapshot.

Ideally just ignore it.

Re: A fraudulent text came to me asking me to click a link to update my addy

Reply #3
it's true.  even responding might be too much.  better to block the number and report it is spam and move on.  hadn't thought about them just looking to see if they reach a person. i called the number using a blocked phone number and told them i was reporting them to the fbi.  even that might have been enough to satisfy their curiosity. 

I have seen scambaiting videos on youtube but thought they might just be for show and not actual scambaiting.  there's nothing to say those folks are indeed doing what they say they are doing and it could all just be fake reality youtube videos.  in any case i haven't those tools are skill set.

Would a virtualbox protect my system? no no.  better not to respond.  spin up a browser in a container?  i think i'll leave it be.  thanks all.
Cat Herders of Linux

 

Re: A fraudulent text came to me asking me to click a link to update my addy

Reply #4
You can sandbox your browser with bubblewrap, firejail or containers like docker or LXC, etc. Virtualbox would work too but you have to be sure you don't have DNS leakage, etc.

In the end it's better to not respond at all and relay the information to local fraud groups, police, etc depending on the situation. Today it's even more dangerous as some of these groups targeting people are recording the voices for snippets, etc. So, don't risk youself.

My wife and I are starting to receive odd SMS messages that are spoofing certain companies around where we live except we don't consume any of the services they offer, so we know it's bs.