Wave of Smishing Texts Informing You of Parcel Arrival Hoping to Get Your Creds

I am updating this original post, from 15 days ago, since the vish has now become an ongoing vishing campaign and the center of a phishing AND disinformation campaign by QAnon supporters who co-opted what is a parcel post fraud . The vish is meant to grab your creds however QAnon supporters have turned the meaning of the scammy link into a disinformation campaign. They are spinning it as somehow related to sex trafficking. They claim when you click the link, you will be tracked. Please beware this is a real credential vish, but the QAnon spin is a phony disinformation campaign. Don’t click scammy links and fact check what you read on social media.

From our glossary:


False information which is intended to mislead, especially propaganda issued by a government organization to a rival power or the media.These are also called influence campaigns or manipulation campaigns. Disinformation is often forwarded to friends and family and at that point it is called misinformation Russia invented disinformation under the leadership of Joseph Stalin who created a special agency that took propaganda campaigns to w shole new level called Dezinformatsiya.

[QAnon spin] “There is a new sex trafficking method where you will receive a text message saying that there was an issue with a package that you have purchased,” she wrote. “Whether the ‘problem’ is your packaged has been lost, damaged, etc. the message will send you to a link to ‘track your package’, and apparently once you open the link your location will begin to be immediately tracked.”

For the skinny read our blog post.

Original Post
Yesterday, I received a text on my phone which I instantly recognized as a click here to get your parcel phishing scam. I did a little investigating. My text originated from Long Beach, CA probably from a spoofed number. 714 area code. Most of the others I’ve seem reported seem to be coming from this area.The text of the message says. [Your name] We came across a parcel from July pending for you. Please claim ownership and schedule for delivery here: The link had an obscure name which I don’t want to post and have you clicking on malcious links. But it looked like this. XXXXX.info/gpualU0E6MF. Variations of these texts started swarming around August 23rd based on other reports I’ve seen. The domain are .info sites and those I found were registered with Namecheap with Whoisguard privacy on. Needless to say don’t click on these. These are variations of the emails which also claim to have FEDEX or UPS packages. Scammers are obviously trying to grab your creds! Some variations address you by name, or Mate etc. Looks like a pretty unsophisticated scam. Have you seen any of these scammy smishes?

Oh yes! Lots of them ! Many of my end users know not to click, but don’t know why. I hope you don’t mind if I share your ‘scammy smishes’ story with my end users in an email? Please advise if this is ok. Thanks and have a great day!

Yes that is fine. The Hackbuster’s forum should also let you share the link even to unregistered users. I will try to see if i can show you how.

I actually saw that link. I try to get here often, I’m just swamped supporting my teachers during Distance learning. So I don’t get here as much as I’d like to. Thanks very much !

Good luck. I’ll try to post more like this! Monika, thanks for supporting the forum. Glad this was helpful.

I’m a huge fan -I wanna one day hi-5 you guys coming to and from work at Knowbe4 . lol

Featured Webinars

Advanced Phishing and

Monday 1:30 PM – 2:30 PM
» Learn More
Outlook Phish Alert Button
Tuesday 1:30 PM – 2:30 PM
» Learn More
Customizing Phishing Templates, Landing Pages, & Training Notifications
Wednesday 1:30 PM – 2:30 PM
» Learn More
Active Directory Integration
(ADI) Setup

Thursday 1:30 PM – 2:30 PM
» Learn More

Friday 1:30 PM – 2:30 PM
» Learn More

Privacy Policy | Terms of Service