Public Warned as Delivery Scams Exploit X's T.co Links, Leading to Millions in Losses
A recent social media post featuring a skull emoji and a t.co link has served as a stark warning against prevalent smishing scams, particularly those impersonating delivery services. The tweet, from user Champagne Joshi, highlights the ongoing threat where malicious actors exploit X's (formerly Twitter's) URL shortening service to trick unsuspecting individuals.
Smishing, a portmanteau of SMS and phishing, leverages text messages to manipulate recipients into revealing sensitive information or clicking malicious links. Scammers frequently impersonate trusted entities like postal services or banks, creating a false sense of urgency to prompt immediate action. The use of t.co links in these scams is particularly insidious because the domain itself belongs to X, making it difficult for security systems to automatically flag as malicious.
Reports indicate a significant financial impact from these text-based scams. The Federal Trade Commission (FTC) revealed that consumers lost approximately $470 million to text message scams in 2024, marking a 434% increase from 2020 figures. These fraudulent messages often contain links to fake websites designed to harvest personal details, banking credentials, or install malware on devices.
Common smishing tactics include fake package delivery notifications, urgent bank alerts about suspicious activity, and even prize or lottery scams. Experts advise extreme caution when receiving unsolicited messages, especially those containing links. Users are urged not to click on suspicious links, reply to unknown senders, or share personal information.
To protect against these growing threats, cybersecurity professionals recommend verifying the legitimacy of any urgent message through official channels, such as directly contacting the company or service provider. Reporting suspicious texts to authorities like the FTC and forwarding them to SPAM (7726) can also help combat these widespread fraudulent activities.