Recently, a friend showed me her phone and asked me if several package notifications from USPS were legitimate. She said she deleted the message, but since she sends a lot of packages and receives orders, she wanted to be sure she wasn’t missing a legitimate notification.

The image below shows multiple red flags. The recipient was “added to a chat with 2 others”. That’s not normal. There is a country code other than the US (the +63 number) in front of the phone number. Not normal! Also note the use of “accordingly”: the syntax is unusual for the US, so the sender is likely someone whose first language is not American English.

Scammers used to make it fairly easy to tell that the messages were not legitimate. If you looked at the link for the “package notification”, you would see that it clearly went to something like “SunnyDayzBBQ.biz”. Unless you were expecting a special order of barbeque, it became obvious that this was not the US Postal Service sending you an official notification.

When I looked at my friend’s phone, I saw a “bit.ly” link, meaning the scammer used a “link shortening service” to hide the ultimate website you’d be taken to. So how do you tell whether the obfuscated site is real if you can’t see it? There are multiple free online link “expander” services.

When in doubt, don’t click the link you received. That’s usually not safe to do. Copy the link and paste it into a site like URL Expander (https://urlex.org/). As always, be careful never to paste sensitive information into websites.

Once you’ve got the expanded URL, it may be obvious from the name of the domain (website), or you may want to paste it into free reputation lookup sites such as VirusTotal, HybridAnalysis or JoeSandbox.

Below is an example of an actual legitimate URL from UPS. One can tell by the “top level domain”, that is, the “ups.com” text that you see. The additional text that follows is an identifier for the specific package in this message (though it never hurts to look closely and make sure). If in doubt, type in the known good website yourself (or use a good bookmark), and then enter the package tracking number that you have.
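
The domain check described above can also be done mechanically. The following Python sketch is an added example, not part of the original post: it classifies a link as shortened, belonging to a carrier, or other, and it is not fooled by a carrier name placed elsewhere in the URL. The allow-list and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed allow-list for this example: ups.com from the post, plus usps.com
# for the Postal Service. Extend it with the carriers you actually use.
CARRIER_DOMAINS = {"ups.com", "usps.com"}
# Link shorteners hide the destination; bit.ly is the one seen in the post.
SHORTENERS = {"bit.ly"}


def host_of(url: str) -> str:
    """Return the lowercase hostname part of a URL, or "" if there is none."""
    if "://" not in url:
        url = "https://" + url  # text messages often omit the scheme
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:  # malformed host, e.g. a broken IPv6 literal
        return ""
    return host.rstrip(".")


def in_domain(host: str, domain: str) -> bool:
    """True only for the domain itself or a genuine subdomain of it."""
    return host == domain or host.endswith("." + domain)


def classify(url: str) -> str:
    host = host_of(url)
    if not host:
        return "unparseable"
    if any(in_domain(host, d) for d in SHORTENERS):
        return "shortened"  # expand it before judging it
    if any(in_domain(host, d) for d in CARRIER_DOMAINS):
        return "carrier"
    return "other"          # not the carrier: treat as suspicious


# Constructed sample links, not taken from a real message.
SAMPLES = [
    "https://www.ups.com/track?tracknum=1Z999EXAMPLE",
    "https://bit.ly/3abcdEX",
    "https://sunnydayzbbq.biz/usps/track",
    "https://usps.com.parcel-redelivery.example/track",
    "https://usps.com@parcel-redelivery.example/track",
    "https://fakeusps.com/track",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify(link):10} {host_of(link):36} {link}")
```

Only the first sample is classified as a carrier link; the last three contain “usps.com” somewhere in the text but resolve to a different host, which is why the comparison is made on the parsed hostname rather than on the raw string.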
