My most expensive hobby is no longer keeping up to date with Apple ecosystem hardware. It¡¯s become expanding and updating my Scottish Highlands wardrobe (even more expensive, and when you order something it doesn¡¯t show up on your door step 24 hours (or even 24 days) later. For ¡°bespoke¡± garments (made from measurements from fabric woven in Scotland), the waiting times are often 6-12 WEEKS, and sometimes MONTHS.
Yesterday I received an SMS allegedly from the USPS regarding an item supposedly being held at US customs because of an ambiguous Zip code. The message use of commas and punctuation was a bit odd, but I didn¡¯t really get suspicious until it asked me to reply and fill in a ¡°confirming¡± form that asked for a credit care number.
What fooled me, at first was the URL to which I was supposed to reply: <https://usps.com-trackcpa.top/I>, AND the fact that I was eagerly awaiting a shipment from Edinburgh, supposedly arriving today, being delivered by DHL. I don¡¯t often get packages from DHL, but I don¡¯t remember them using the USPS for ¡°last mile¡± delivery
At first I wondered whether the postal service¡¯s domains included a dot-com rather than dot-gov extension, but my ¡°Informed Delivery¡± daily emails come from a usps.com address. What I didn¡¯t know was whether usps.com-trackcpa could actually be a totally different domain address.
Fortunately, my suscpicions were raised enough to do a quick web search, where I learned that these attacks are rampant.
