“The real scam resides in the fine print. By agreeing to pay the small shipping fee, you’re also signing up for a 14-day trial to the company that sells the scammy products,” How-To Geek reported. “After the trial period, you will be billed $98.95 every month and sent a new supply of whatever item you claimed as a reward.”
Such “smishing” scams (the word combines SMS, the technical format for texting, and phishing) have become increasingly common. Fraudsters often create realistic-looking texts from seemingly reputable sources, such as FedEx or Amazon, which are then used to extract personal information: passwords, Social Security numbers, bank account or credit card numbers.
The Federal Trade Commission received more than 93,300 complaints about unwanted texts in 2018, including smishing attempts, according to Consumer Reports. That is 30 percent higher than the previous year, and reports continued to rise in 2019.
FedEx and Amazon did not immediately respond to requests for comment. (Amazon founder Jeff Bezos owns The Washington Post.)
“FedEx does not request, via unsolicited mail, e-mail or sms messages, payment or personal information in return for goods in transit or in FedEx custody,” the company says on its website. “If you have received a fraudulent e-mail or sms message that claims to be from FedEx, you can report it by forwarding it to firstname.lastname@example.org.”
Although these texts can look convincing, there are generally signs that suggest a scam. Spelling and grammatical errors and frequent use of exclamation points should be a red flag, FedEx warns, as should links to misspelled or slightly altered Web addresses, such as “fedx.com” or “fed-ex.com.” Unexpected requests for money in return for a delivery of a package, or messages that demand immediate action, such as “Your account will be suspended within 24 hours if you don’t respond,” are also warning signs, the company said on its website.
Getting tricked by scammers can prove to be a costly mistake. A 2018 “smishing” campaign in Ohio targeted customers of Fifth Third Bank, according to Consumer Reports, exploiting the fact that the bank had just introduced cardless ATMs that allow customers to get cash using their mobile phones. About 125 people were tricked into giving up usernames and passwords, which hackers then used to steal $106,000 from ATMs across the Midwest.