When Phishing And Disinformation Meet

iStock-174649421The Insider reported that QAnon is co-opting a USPS phishing scam, and claim the Vishing text messages are linked to human trafficking.

"A viral [text] phishing scheme is targeting people across the country with scammy text messages claiming to be from the United States Postal Service (USPS). Now, QAnon conspiracy theorists have jumped into the fray, falsely claiming the scheme is tied to human trafficking, as reported by Insider.

There’s no evidence to suggest this is true. The rumor has spread on Facebook and Instagram, echoing the Wayfair conspiracy theory that went viral earlier this summer. Unlike the Wayfair conspiracy, however, the USPS myth is obfuscating a real phishing threat.

The scam involves text messages that claim to have information about a USPS delivery. To find out more, people have to click a link. On Twitter, security researcher Eric Ellason said the link goes to the domain m9sxv.info, which then redirects to jtuzd.rdtk.io. He speculated the goal was to steal peoples’ credentials, as reported by Gizmodo.

On September 1st, an Instagram user with over 5,000 followers posted a screenshot of the text message, and said that clicking the link would have given traffickers access to her location. “There is a new sex trafficking method where you will receive a text message saying that there was an issue with a package that you have purchased,” she wrote. “Whether the ‘problem’ is your packaged has been lost, damaged, etc. the message will send you to a link to ‘track your package’, and apparently once you open the link your location will begin to be immediately tracked.”

By then, the rumor had already gone viral enough that Polaris, the non-profit behind the National Human Trafficking Hotline, had to put out a statement. It said the organization had received numerous reports about the USPS scheme and its supposed link to human trafficking. It urged people not to spread false information.

“Handling a surge of concern over viral social media posts makes it far more difficult for the Trafficking Hotline to handle other reports in a timely manner and might result in wait times for people who have a limited window of opportunity to reach out safely,” Polaris wrote.

If there’s a bright spot on this bleak horizon, it’s that the rumor could stop people from clicking the link in the scammy text message. Inadvertently thwarting a phishing scam by spreading misinformation about human trafficking is very 2020, to say the least. KnowBe4 just released a new Disinformation training module. You can preview it at no cost at the ModStore. See below.

Cross-posted from The Verge with grateful acknowledgment.

The world's largest library of security awareness training content is now just a click away!

In your fight against phishing and social engineering you can now deploy the best-in-class simulated phishing platform combined with the world's largest library of security awareness training content; including 1000+ interactive modules, videos, games, posters and newsletters.

You can now get access to our new ModStore Preview Portal to see our full library of security awareness content; you can browse, search by title, category, language or content topics.

ModStore01-1The ModStore Preview includes:

  • Interactive training modules
  • Videos
  • Trivia Games
  • Posters and Artwork
  • Newsletters and more!

Start Your Preview

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:


Topics: Phishing

Subscribe To Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews