Don't Fall For The Fake USPS ECCC SMS Text Message Scam

If you received a suspicious text message from “USPS ECCC SMS” claiming issues with a package delivery, think twice before clicking any links. This is a crafty new phishing scam trying to steal personal and financial information by posing as a USPS alert.

The scam starts with a text message stating your shipment is on hold due to incomplete address information. It provides a link supposedly to verify your address so the fictional package can be delivered. However, the link actually directs to a fake website designed to harvest your sensitive data for criminal purposes.

This comprehensive guide will uncover how the scam operates, red flags to watch for, and ways to avoid becoming trapped by this deceit. Understanding the deception involved is key to safeguarding your identity, accounts, and assets. Don’t let scammers masquerading as USPS intercept your private information and finances.

An In-Depth Examination of the USPS ECCC SMS Text Scam

This scam starts with a text message claiming to be from “USPS ECCC SMS.” It states that a package delivery is currently on hold because the recipient’s address is incomplete or incorrect. The message includes a link supposedly to verify the address so the fictional stalled shipment can be delivered. However, the link actually directs to an elaborate fake USPS website designed to steal personal information and account credentials from victims.

For example, targets may receive a text that says:

USPS ECCC SMS: Your shipment has been proccesed at out faciltiy but is currently on hold due to incomplete address information. To facilitate timely delivery, we request you very your adress though the link provided below:
[malicious link]
(Reply to 1, keep the SMS and open the SMS activation link again or copy the link to open in Google Chrome.)

This message is not truly from USPS, and there is no real stalled package. The link goes to a convincing but completely fraudulent USPS website. This phishing site prompts victims to enter various personal details like full name, date of birth, address, phone number, and sometimes even Social Security Number.

If users provide their private data, scammers can use it to commit serious identity theft and account fraud. Criminals will quickly sell the stolen personal information on the dark web to fellow fraudsters. They may also directly use it themselves to open fake accounts, take out loans in the victim’s name, file fake tax returns to collect refunds, and commit other identity fraud causing severe financial and legal consequences.

According to the FTC, these types of USPS and shipping-related phishing scams have caused more than $44 million in losses for victims in 2022 already. The huge volume of packages sent through USPS makes these scams resonate widely and seem legitimate. The additional detail of referencing address verification makes the scam extra convincing.

With more people relying on USPS and other carriers for online shopping deliveries, cunning scams like this are on the rise. But an informed public can stay safe by never clicking links in unexpected texts, verifying senders, and scrutinizing site details carefully before entering any personal information.

How the Fraudulent USPS ECCC SMS Scam Functions

The deceptive USPS ECCC SMS text message scam leverages a fake shipping alert and phony tracking details to steal financial and personal information from victims. Here is an in-depth look at how the cunning fraudsters carry out this scam:

Step 1: Targets Receive SMS Text About Fake Package

It starts when targets get a text claiming a package with a made-up tracking number is stalled due to an incorrect address. The message claims to be from “USPS ECCC SMS” and provides a link to resolve the delivery issue.

Step 2: Victims Redirected to Elaborate Fake USPS Site

Clicking the link sends victims to a highly realistic but completely fraudulent USPS website. This phishing site mirrors the look of the real USPS.com to deceive victims.

Step 3: Fake Site Shows Fake Tracking Details

The scam site displays phony tracking details for the fictional package, tied to the fake tracking number in the initial text. This convinces victims it’s one of their real packages.

Step 4: Site Says Address Needs Verification to Redeliver

The site states the recipient’s address couldn’t be verified, so redelivery of the imaginary package requires address confirmation first.

Step 5: Victims Enter Name, Phone, Address into Phishing Site

Victims enter personal details like full name, phone number, and home address into the site to supposedly correct the address error.

Step 6: Fake Site Requests Small Fee to Redeliver “Package”

After entering personal info, the site states a small redelivery fee (under $1) must be paid before the fictional package can be resent to the updated address.

Step 7: Victims Enter Credit Card into Phishing Site

If victims provide their credit card number, expiration date, and CVV code into the fraudulent site to pay the small “redelivery fee”, the scammers instantly capture this financial data.

Step 8: Criminals Misuse Credit Cards and Sell Info

The scammers use victims’ credit cards to make fraudulent purchases and sign them up for costly monthly subscriptions. They also quickly resell the financial details on the dark web.

Step 9: Stolen Personal Info Used to Commit Identity Theft

Scammers use victims’ names, phone numbers, addresses, and other data stolen in the scam to open fake accounts, file fraudulent tax returns, and commit identity theft.

The phony tracking details and minimal redelivery fee provide cover for stealing financial and personal information through an extremely deceptive process. This scam shows the lengths criminals will go to in order to steal identities and money from victims.

What To Do If You Entered Information on the Scam USPS Site

If you suspect you may have fallen for this scam and entered any personal details on the fraudulent USPS website, take these steps immediately:

Place a fraud alert and security freeze on your credit reports.
Monitor your credit reports and financial accounts for any suspicious activity.
Change passwords on all online accounts, using unique strong passwords for each.
Be on high alert for additional phishing attempts via phone, text, or email.
Contact the FTC, FBI, and USPS to report this phishing scam.

Taking swift action can help limit damages and prevent further identity theft as a result of this scam. But prevention is most crucial by learning to recognize phishing attempts.

How to Detect This USPS ECCC SMS Text Scam

Stay vigilant against this scam by watching for these telltale indicators of fraudulent texts and websites:

Text Message Red Flags

Uses urgent language about a package being stuck or delayed
Originates from unknown sender, not a verified USPS number
Includes link to a suspicious shortened URL
Has poor grammar, spelling mistakes, and typos
Requests personal information over text

Fake USPS Site Warning Signs

Asks for sensitive data like SSN, birthdate, etc.
URL looks credible but site redirects to sketchy domain
Missing verified HTTPS protocol in the URL
Low resolution images and graphics
Credit card/social security portals lack security measures

Go slowly and check for site legitimacy before entering any information.

Frequently Asked Questions About the USPS ECCC SMS Text Scam

1. What is the USPS ECCC SMS text message scam?

This scam sends a phony text message claiming issues with a USPS package delivery and providing a link to verify your address. However, the link goes to a fake USPS website designed to steal your personal information and data.

2. What delivery issues does the text claim are happening?

The text states the fictional package is stuck on hold due to an incomplete, unverified or incorrect delivery address.

3. What link is included in the text message?

The text contains a link that supposedly leads to the USPS site to verify your address and get the fake stalled package moving again. But it actually goes to an elaborate phishing site.

4. What personal information do scammers gather from the phishing site?

The fake USPS site tricks victims into entering info like full name, DOB, address, phone number, SSN, or even financial account details.

5. How do criminals use the stolen personal information?

Scammers use victims’ info to open fraudulent accounts, file fake tax returns, commit identity theft, make unauthorized purchases, take out loans in the victim’s name, and more.

6. What are signs this text is a scam?

Red flags include unknown sender, fake looking links, typos/grammar issues, urgent pleas, request for personal info over text, and threats of account suspension.

7. How can I avoid falling for this USPS ECCC SMS scam?

Carefully scrutinize all texts, verify real USPS senders, avoid clicking links in messages, check for site legitimacy before entering info, and never give personal data to unsolicited requests.

Key Takeaways About the USPS ECCC SMS Scam

This scam reveals important lessons about online safety and protecting your personal information:

Unexpected texts requesting personal data or claiming package issues should raise red flags. Verify the sender is legit first.
Clicking on links in suspicious texts can direct you to very convincing phishing websites designed to steal your information.
Fake shipping alerts and small fees are tricks scammers use to get your guard down and harvest your financial details.
Providing any sensitive data to unverified sources gives scammers the power to commit serious identity theft and financial fraud in your name.
Monitor your accounts closely if you shared any information with a suspicious text or website. Report fraud to your bank, USPS, and authorities immediately.

Staying vigilant against phishing and verifying senders can help you steer clear of this scam. Don’t let scammers hide behind trusted names like USPS to intercept your personal data and identity.

10 Rules to Avoid Online Scams

Here are 10 practical safety rules to help you avoid malware, online shopping scams, crypto scams, and other online fraud. Each tip includes a quick “if you already got hit” action.

Stop and verify before you click, log in, download, or pay.

Most scams win by creating urgency. Verify using a trusted method: type the website address yourself, use the official app, or call a known number (not the one in the message).

If you already clicked: close the page, do not enter passwords, and run a malware scan.
Keep your operating system, browser, and apps updated.

Updates patch security holes used by malware and malicious ads. Turn on automatic updates where possible.

If you saw a scary “update now” pop-up: close it and update only through your device settings or the official app store.
Use layered protection: antivirus plus an ad blocker.

Antivirus helps block malware. An ad blocker reduces scam redirects, phishing pages, and malvertising.

If your browser is acting weird: remove unknown extensions, reset the browser, then run a full scan.
Install apps, software, and extensions only from official sources.

Avoid cracked software, “keygens,” and random downloads. During installs, choose Custom/Advanced and decline bundled offers you do not recognize.

If you already installed something suspicious: uninstall it, restart, and scan again.
Treat links and attachments as untrusted by default.

Phishing often impersonates delivery services, banks, and popular brands. If it is unexpected, do not open attachments or log in through the message.

If you entered credentials: change the password immediately and enable 2FA.
Shop safely: research the store, then pay with protection.

Be cautious with brand-new stores, “closing sale” stories, and prices that make no sense. Prefer credit cards or PayPal for dispute options. Avoid wire transfers, gift cards, and crypto payments.

If you already paid: contact your card issuer or PayPal quickly to dispute the transaction.
Crypto rule: never pay a “fee” to withdraw or recover money.

Common patterns include fake profits, then “tax,” “gas,” or “verification” fees. Another is a “recovery agent” who demands upfront crypto.

If you already sent crypto: stop paying, save evidence (wallet addresses, TXIDs, chats), and report the scam to the platform used.
Secure your accounts with unique passwords and 2FA (start with email).

Use a password manager and unique passwords for every account. Enable 2FA using an authenticator app when possible.

If you suspect an account takeover: change passwords, sign out of all devices, and review recent logins and recovery settings.
Back up important files and keep one backup offline.

Backups protect you from ransomware and device failure. Keep at least one backup on an external drive that is not always connected.

If you suspect infection: do not connect backup drives until the system is clean.
If you think you are a victim: stop losses, document evidence, and escalate fast.

Move quickly. Speed matters for disputes, account recovery, and limiting damage.
- Stop payments and contact: do not send more money or respond to the scammer.
- Call your bank or card issuer: block transactions, replace the card if needed, and start a dispute or chargeback.
- Secure your email first: change the email password, enable 2FA, and remove unfamiliar recovery options.
- Secure other accounts: change passwords, enable 2FA, and log out of all sessions.
- Scan your device: remove suspicious apps or extensions, then run a full malware scan.
- Save evidence: screenshots, emails, order pages, tracking pages, wallet addresses, TXIDs, and chat logs.
- Report it: to the payment provider, marketplace, social platform, exchange, or wallet service involved.

These rules are intentionally simple. Most online losses happen when decisions are rushed. Slow down, verify independently, and use payment methods and account controls that give you recourse.

Don’t Fall for the Fake USPS ECCC SMS Text Message Scam