Thanks FedEx, this is why we keep getting phished

1723 points by ahonhn, more than 1 year ago

78 comments

habosa, more than 1 year ago

FedEx may have the worst and least secure digital platform for a major company. Some examples I’ve noticed:

1. I moved into a 10-unit apartment building and wanted to set up FedEx Delivery Manager. I just put in my new address, no verification whatsoever, and I was immediately given access to the previous tenant’s delivery instructions which included the building’s private garage code. Any thief could have done the same.

2. When I moved out of that building I wanted to add my new address to delivery manager … but I couldn’t. The site errored every time. The reason? Some forums revealed the correct hypothesis that if you have special characters in your password then some parts of the site are permanently broken for you. Including the change password flow. So I had to have my wife make a new account with a worse password.

Truly amateur stuff for an otherwise very impressive company.

Rudism, more than 1 year ago

A while ago my wife applied for a home equity loan. At some point I got a call from someone claiming to be from the bank she had applied through (I forget which one), calling to make sure I approved the loan since the home is in both our names. He asked for my name, which I gave him, and then the last four digits of my social security number, which I also gave him. He then proceeded to ask for my full social security number, at which point alarms started going off in my head and I started sweating about even giving the last four digits to a stranger who had called me out of the blue. I told him I wouldn't do that, and was there a number on the bank's website I could call in order to get back to him, in order to verify that he actually worked for the bank. The guy started acting really annoyed, and said he didn't think there was any number on the bank's website that could reach him, and that if I didn't give him my full social security number he would be forced to reject the loan application. I told him I didn't feel comfortable giving that information to someone who had phoned me, and if there was no way for me to call him back through an official bank phone number then the call was over. He hung up angrily.

Turns out he actually was from the bank and he did cancel the loan application.

sebtron, more than 1 year ago

A few months ago I got an email from the IT center of the company I work for that was dodgier than any phishing email I have ever received:

- Coming from a domain that looks nothing like the official domain of the company, rather some generic @itservice.com or something.
- Subject: "URGENT: your account is expiring soon".
- Multiple links provided in the email body, all illegible and multiple lines long, none of them from a domain that I can immediately link to the company.
- No alternative way of resolving the issue is provided other than clicking on one of those links (no "go to your account settings", "contact your line manager" or so).

And still, it turns out it was real.

~100k employees company btw

hubraumhugo, more than 1 year ago

I found a Reddit post today about a German bank mailing USB sticks containing their new general terms and conditions: https://www.reddit.com/r/de/comments/1ax7ky3/milde_interessant_die_sparkasse_schickt_mir_einen/

You can't make this up.

wccrawford, more than 1 year ago

When I bought a car once, I received an email a few months later saying I hadn't proven I had obtained insurance on it, and the bank wanted me to visit a domain that wasn't theirs to provide proof.

The email I got looked like a badly-scanned letterhead and was very, very fishy.

After I received a few of them, I finally contacted the bank and it was *legit*.

I tried telling the office person (not just a clerk at the counter, someone with their own desk) about the situation and they couldn't understand why it was bad.

I soon paid off that loan and got away from that bank.

hn_throwaway_99, more than 1 year ago

Wow, I thought this was a great post, and I'm just dumbfounded about how egregiously bad that first SMS was - FedEx might as well tell the recipient they want customs duties wired to a Nigerian prince.

But I also disagree with the general push of Troy Hunt's recommendations. That is, we should just take the base assumption that humans, generally, can't distinguish between real and phishing inbound messages. That's only going to become more true with AI. Relying on those distinguishing characteristics in the first case is an absolute fatal flaw.

Instead (and, in fairness, Troy Hunt did do this) you should *never* depend on an outbound link or phone number in a message you received. You should log in to whatever service you think sent it based on looking up the address or phone number yourself. This "hang up, look up, call back" advice should be an absolute mantra. I think responsible organizations should just start by saying they will *never* put links or phone numbers in text/emails/calls, and their notification messages should say something like "Log in to your dashboard to see details."

tomashubelbauer, more than 1 year ago

I know this comes down to institutional incompetency, but at some point there was a singular human person putting the template content the SMS message in question was generated from into some computer system somewhere and I genuinely wonder what was going on in their head that made them string the words together in this way. You'd have to give it a true, earnest shot to make it worse.

cbolton, more than 1 year ago

This fits nicely with my experience of FedEx. They sent me a bill 7 months after I had received the package. A few days later I get a reminder that doesn't include the necessary information for payment, which seems rather lazy and stupid since an unpaid bill might well have been lost. It refers me to www.fedex.com where I'm told to create an account. I do that only to find it doesn't know anything about my bill. By chance I do find the original bill shortly afterwards. Turns out this bill sent 7 months late had very small text saying "to be paid immediately", the first time I see that on a bill (it's usually 30 days in my country). Of course they sent me a second reminder 10 days after I paid.

MarkusWandel, more than 1 year ago

This is a real problem with so much stuff outsourced to external cloud providers. Used to be, if it was from the company intranet, no problem. Now every survey, every training thing, every new flavour of the month is from external mystery domains and then it wants your corporate credentials to log in. At my company they keep us sharp by running "fake phishing" campaigns to kind of gamify recognizing phishing emails. But this shouldn't be necessary for legitimate corporate stuff.

bell-cot, more than 1 year ago

Suggest Law: If a company's electronic notification to you is so phishy that a "reasonable man" would have obvious cause to doubt its legitimacy, then all financial and legal consequences of ignoring it are *on the sender*.

Edit: "*sender*" here refers to the sender *of the electronic notification*.

hugoromano, more than 1 year ago

DHL, FedEx, and UPS are experts in overcharging to process a form and not caring about customers. Duty and VAT are usually low compared to this processing fee, and shipping has already been paid. Here is the catch in the EU, this simple duty form can be processed by the receiver, an agent (some related to the carrier), or an attorney-in-fact of the receiver. The big three carriers (and many others) threaten you if you refuse to use them.

At the end of the day, they don't care if we get phished or scammed; it is all of customs confusion. Next time process your customs form, you will realise how much money you will save, and the form only has less than 8 fields, the Union Customs Code is easy to read.

wiradikusuma, more than 1 year ago

I frequently buy things from Tokopedia, one of the largest e-commerce in Indonesia.

At one point, I ordered something, and the next day, someone contacted me through WhatsApp, claiming to be from the courier (with the company logo as a profile picture). They said my package was rerouted, and I had to click a link to fill out some form. Typical scam message, with typo and urgency. I can track the status of my order in the app, and it says it's in transit somewhere. So, their explanation matches.

You might think, "Well, that's obviously a scam. They would not contact you through personal WhatsApp!" But sometimes couriers *DO* contact you to ask for your precise location or notify you, "Hey, I left your package with your neighbor. Here's the photo."

I'm just wondering how the scammer got this info that Mr X is expecting Product Y from Shop Z. I almost fell for it (I was in the middle of something and got distracted), and I can only imagine the unlucky victims.

It happened 2-3 times during that period and then gone. Did someone find out and fix it? How did they find out? Because I'm guessing there are lots of hands involved in the delivery pipeline.

tonymet, more than 1 year ago

This reinforces the need for "mutual trust security" that I've been calling for now for years.

All of the significant authentication schemes are built to validate the customer, and none validate the vendor.

When your bank or mobile provider gives you a call: how do you know it's them? They start asking you for personal data right away, but you have no idea who you are sharing information with.

We need "mutual authentication" including better identity, trust, challenge-response and more. Customers should be able to validate who they are talking to before even sharing their own credentials.

cfinnberg, more than 1 year ago

I received once a mail from my bank at the time stating that they have a message for me, but for security reasons I have to read it on their systems. And they provide the following link: https://cbk.pwlnk.io/~hc

The bank's name is CaixaBank. I was wrong and the message was legit. My first thought was it was a scam :)

tempestn, more than 1 year ago

Was just dealing with similar nonsense from BMO Harris bank yesterday. I got this text (numbers changed):

"FreeMsg: BMO Fraud Ctr: 18774352371 Case 19684358 Did you attempt $4.00 at NYTIMES with card x1234? Reply YES or NO"

The 1234 did match the last 4 digits of my card - not the first four, a common trick - but the rest of the message is, as Troy says, Dodgy AF.

They then followed up with a similar email, prompting me to click on a link that began like this: https://ecs01-us.ficoccs-prod.net/2088/en-US/tran_Not_Authorized

That's certainly not a BMO domain. Wtf, bank?

So, called them and confirmed the messages were legit, unlike that charge.

And as an aside, this is far from the first time I've had a card compromised while never using it at a physical vendor, and only a handful of large online ones. Once I actually started getting fraud transactions on a card I had *never* used. I'm guessing access to credit card info is far too broadly available within the bank.

sf_rob, more than 1 year ago

I contacted Wells Fargo to complain that their use of 3rd party surveys from non WellsFargo.com domains attenuates customers to entering banking information to 3rd parties.

They had one incompetent employee contact me to assure me that the communication was legitimate (not the complaint), then escalated to another employee who understood the complaint and promised to escalate… 6 months later I get an email assuring me that the communication was legitimate and closing the ticket.

sureglymop, more than 1 year ago

At my company, they announced that in the upcoming month there would be an internal phishing sensibility campaign. Then, in the same month, they started sending out incredibly dodgy looking emails to "security training" provided by an external website. Of all emails, those looked the most like phishing but they are not. I decided that I refuse to do this training completely because to me it seems crazy how that was coordinated. I would never lose my job over this but it is amusing that I get an "Urgent: security training still outstanding" about once a week which just goes straight into the trash.

nonrandomstring, more than 1 year ago

Your security is increasingly at risk from organisations and corporations whose own grasp of security is appalling. Because instead of dealing with it they externalise risks and consequences onto the public and customers.

Even worse, is where attempts to query that security are *actively punished*.

This is typical now. Listen here (at 42:20) with an example regarding the UK NHS whose incompetence plays directly into the hands of cybercriminals.

[0] https://cybershow.uk/episodes.php?id=24 (time:42:20)

omar_alt, more than 1 year ago

One out of ~10 international shipments of records I had in the last year one was from FedEx and they sat on it in their out for delivery warehouse in a nearby town for two months with the usual pass the buck/pillar to post treatment. The extra fees plus customs they put on added up to 40% of the value of the items as well. DHL and UPS arrive within a week and are normally no higher than 25%

hibikir, more than 1 year ago

St Louis county just did some of this for their property declaration system. It used to sit right there in the website: An ugly set of forms, but perfectly functional. Apparently they ordered a rewrite to yet another contractor, and now you get a link to.. stlouismosmartfile.tylerhost.net. Following the link, from the county's own website, warns of a third party link! The link prompts the user to register... and the validation email, unsurprisingly, is sent to spam, and then flagged as risky by gmail! Enough red flags, you'd think it's an old soviet military parade, but no... when you call the county, they say that yes, this isn't them getting hacked (again), but the way things are supposed to be.

This is something everyone that owns any property and is a resident of the county must fill out: About half a million accounts will be created in two weeks. Making sure that all of this comes from the county's domain? Too difficult for them. And all for a website on the other side that doesn't look much better than the old one.

pch00, more than 1 year ago

Reminds me of the "householdresponse.com" domain quite a few people in the UK have been exposed to at one time or another...

https://www.bleepingcomputer.com/news/security/uk-gov-keeps-repeating-its-voter-registration-website-is-not-a-scam/

hnfong, more than 1 year ago

My best theory is that FedEx outsourced the process of sending these SMS notifications to some external contractor.

Of course, the scammers already have the scam systems in place, so they can win the bid on price :D

I know this sounds ridiculous, but I doubt anything will make better sense than this :P

franze, more than 1 year ago

The Booking.com scams look better than the actual "Self check and pre payments solutions" links sent via the Booking hotels.

1 time I was right it is a scam, 2 times it was wrong.

Booking.com should make a proper report payment circumvent button and kick out all hotels who do it.

skjoldr, more than 1 year ago

Reading these comments makes me thankful for the existence of Nova Poshta in Ukraine. Two years of open war, and they still consistently deliver packages overnight across roughly a third of the country, and are doing their best transporting international shipments to and from Europe. Very focused on keeping things moving and avoiding losing any parcels.

Havoc, more than 1 year ago

Corporates are shockingly incompetent at this sort of stuff.

Seriously just use your main domain for URLs. For me at least that clears up 99% of this.

I don't want to memorise a list of valid mystery domains for each shipper. Is that really too much to ask?

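Added example, not part of the thread and not any commenter's or company's code: a lint for outbound notification templates that applies the "main domain only" rule from the comment above, flagging every link whose host a recipient cannot match to the sender's own domain. The allow-lists, function names and sample messages are assumptions constructed for illustration; `fedex.com`, `slack.com` and `slack-edge.com` are the domains named in this thread, and hosts under `.example` are placeholders.

```python
import re
from urllib.parse import urlsplit

# Matches http(s) links in plain-text SMS or email template bodies.
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def is_first_party(host, allowed):
    """True only for an allowed domain itself or a subdomain of it.

    The leading dot in the suffix test matters: without it any host
    that merely ends in the same letters would pass, and a substring
    test would accept "fedex.com.track.example".
    """
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)


def lint_links(text, allowed):
    """Return [(url, [reasons])] for links a recipient could not verify."""
    findings = []
    for raw in URL_RE.findall(text):
        url = raw.rstrip(".,;:!?)")  # drop trailing sentence punctuation
        try:
            parts = urlsplit(url)
        except ValueError:  # e.g. malformed IPv6 literal
            findings.append((url, ["unparseable"]))
            continue
        reasons = []
        if parts.scheme.lower() != "https":
            reasons.append("not-https")
        if parts.username is not None:
            # In https://fedex.com@login.example/ the real host is
            # login.example; the part before "@" is only userinfo.
            reasons.append("userinfo-in-url")
        if not is_first_party(parts.hostname or "", allowed):
            reasons.append("third-party-host")
        if reasons:
            findings.append((url, reasons))
    return findings


# Constructed sample templates (not real FedEx or Slack messages).
SAMPLES = {
    "sms_duties": "FedEx: duties due on your parcel. "
                  "Pay at http://fdx-pay.example/d?id=123 today.",
    "email_track": "Track your parcel at https://www.fedex.com/track?id=123.",
    "email_lookalike": "Sign in: https://fedex.com@login.example/ "
                       "or https://fedex.com.track.example/x",
    "slack_notice": "Details: https://slack-edge.com/certs "
                    "and https://slack.com/help",
}

# Assumed allow-lists: the one domain customers already know per sender.
ALLOWED = {
    "sms_duties": {"fedex.com"},
    "email_track": {"fedex.com"},
    "email_lookalike": {"fedex.com"},
    "slack_notice": {"slack.com"},
}


def lint_all():
    """Lint every sample template against its sender's allow-list."""
    return {name: lint_links(body, ALLOWED[name])
            for name, body in SAMPLES.items()}


if __name__ == "__main__":
    for name, findings in lint_all().items():
        print(name, "OK" if not findings else findings)
```

Run as a pre-send check on message templates, a non-empty result means the template should be reworded to point at the main domain or to carry no link at all.
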
fma, more than 1 year ago

Maybe it's just the human brain bad at perception, but I feel like there's some system compromised and info is leaked so scammers know when you are expecting a package because FedEx/USPS spam text increases.

naruhodo, more than 1 year ago

There really needs to be some kind of cryptographic authentication system for text messages and caller ID that gives the recipient absolute certainty about the identity of the sender. Registering a name in this system should require real-world proof of identity including a business address and the contact information of real people. There should be serious financial penalties for identity fraud. It should be an open standard that can be implemented in open source software. And all the big phone manufacturers should be legally compelled to use it.

anonymous_sorry, more than 1 year ago

In a Blackhat talk several years ago Adam Shostack had a clever term for companies interacting with you in ways that were indistinguishable from scammers.

But I can't remember what the memorable term was.

emilecantin, more than 1 year ago

Canada Post actually does something good here: you can pay from the tracking page. And they don't add any fees, you just pay the duties and taxes.

pflenker, more than 1 year ago

One time working at a bigger company I received an email that was a very, very obvious, poorly made phishing attempt - in fact, so poorly done that I wondered if I could break the login form somehow. So I submitted bogus data to see what happened -

Turns out it was part of some kind of "test" of the company to raise awareness for phishing, and I failed the test since I submitted the form.

riggsdk, more than 1 year ago

I've somewhat convinced myself that someone in the postal service is leaking information about pending parcels to scammers (or the scammers have access to some servers). Whenever I'm expecting a package the number of phishing attempts in my email skyrockets. Period of no packages - a lot less attempts. Waiting for a new package? Phishing emails ramp up again.

PaulHoule, more than 1 year ago

I just got a letter from the insurance agent that I thought was going to say "THIS IS NOT A BILL" but it was a cancellation notice for my homeowner's policy. The letter was designed to be as difficult to read as possible, about 97% of the space was form letter elements that weren't relevant, in the middle of page 2 there was an area covered with large black underlines that had the reason for the cancellation typed lightly in it.

It is probably time to look for a new insurance provider but I was thinking of calling back the insurance agent and telling her I was planning to run for state senate on a platform of reforming the insurance laws and legislating that you can get 20 years in prison for sending a letter that says "THIS IS NOT A BILL" and that insurance paperwork has to be written in English excerpting any words that are shared with Latin or French. (Which I'm sure the French would approve of)

d1str0, more than 1 year ago

I clicked the link to read this article because last week I received a paper letter from FedEx I initially thought was scammy.

It asked me to pay duty/taxes for my $799 Prusa 3D print order that arrived just last week.

So now I know Troy Hunt also bought a Mk4 assemble-yourself kit from Prusa.

Enjoy, Troy! Mine took 8 hours to build and it works like a charm! Fantastic little machine.

flerchin, more than 1 year ago

And Amazon emailing me about my package due to arrive today. Clicking the link is right there and very convenient to find out which one. They won't tell me which package because then gmail will be able to know what I'm buying (which I'm fine with).

These emails are the _exact same form_ that a phishing email would take.

pbackx, more than 1 year ago

I think this will be full of similar experiences: Some time ago my wife's cards suddenly got all kinds of charges, clearly not ours. So we call the bank and while they put the blame on us, among other things they said the bank never ever would contact us by SMS and we may have clicked on dodgy links in one of those messages.

Eventually they decide we should replace all our cards. 5 minutes later we get an SMS asking us to call an unknown number to set our PIN code for the new card. It contained at least 5 warning signs as in the author's article.

We call them back asking them what that SMS is about and the only explanation is "That is the good kind of SMS, you can trust it"

(Eventually we did get all stolen money back, but it took a while. We never got a plausible explanation of what may have happened and what we could do to prevent it in the future)

me_jumper, more than 1 year ago

I bought insurance online. Some days later I got a super dodgy email telling me I should sign up for an online portal. The link was a mess and linked to a different insurance provider.

I called my provider. Turns out the actual insurance is handled by a sub-provider that works for a different (major) insurance... WTF

nerdjon, more than 1 year ago

The URL part of this particular drives me insane, and it's not particularly Fedex's fault. But when every online retailer seems determined to keep me in their website (or a branded third party website) when I click a tracking number.

"Track Package" sure, keep me on the website.

But if you present me with a tracking number that you are making a link yourself, just send me to the shipper company. Bonus points when they then make it really hard to find the actual link I want on that random website they send me to. I already bought from you and will soon have your product in my hands, do I really need to be kept on a branded site that offers no extra value?

Emails seem to be the worst for this.

I feel like these companies are setting up people to be phished, when the idea that you can only track Fedex on Fedex.com is no longer true.

dimask, more than 1 year ago

Last year we received an email with title

> ACTION REQUIRED - New certificate authority for slack-edge.com

Capitalised letters telling you MUST do sth (check; plus "as soon as possible" in the body). Bad/inconsistent email layout (check). Unknown urls (slack-edge.com, slackhq.com) that resemble the service's standard url slack.com (check). A bunch of links obfuscated behind "slackhq" redirects, check. Even a link that reads "slack.com" and points to that slackhq redirect thing. The majority thought it was scam, of course. I only suspected it may not have been scam because a scammer would have done a better job explaining what one had to actually do (and in the end there was nothing we needed to do anyway).

gaogao, more than 1 year ago

In illustration of the prevalence of the phish, I got a dodgy SMS from a sketchy email address that "The USPS package has arrived at the warehouse and cannot be delivered due to incomplete address information." while I was reading the article on my phone.

mixdup, more than 1 year ago

This reminds me of the IRS phone scams. The IRS does not have an actual voice actor record their phone messages or phone tree, they just use a text-to-speech system that is commercially available

So, the scammers just use the same system so the phone messages you get from them sound like the same voice you hear if you actually call the IRS

For just a little extra money they could pay someone to exclusively record IRS messages and the voice would never be the same as the scammers (at least, until someone replicates the real voice with AI but that's an issue for another day)

datavirtue, more than 1 year ago

I just read an article detailing how thousands of Americans fall for scams run by Mexican cartel proposing to buy their timeshare from them. Americans buying Mexican timeshares is a big thing apparently. One guy kept getting pulled into the scams eventually paying them (and losing) $1.8MM. Others had lost tens or hundreds of thousands to the same type of scam.

Every time someone supposedly bought their timeshare there would be a bank fee or tax they would have to wire money for. The guy who lost $1.8MM wired money 90+ times.

These are lawyers and doctors, educated people getting ripped off.

meeech, more than 1 year ago

This is funny to see today because I had exact same experience, but with UPS. Call came in, marked as Probable Spam. Robot voice on the line, claiming to be from UPS. Duties and taxes. I am expecting a package, so I went to the website and it was legit. Though it won't change, because to do it right would cost them $$$. Whereas doing it wrong costs them less, and it then becomes a me problem.

0xbadcafebee, more than 1 year ago

Compare this to USPS, which is so secure that I can't get back into the account I created to manage deliveries for my home address, and there is absolutely no recourse. (no customer or technical support, going into a USPS office does nothing, etc) I still receive e-mails at my old e-mail address about deliveries coming to my home, but I can not turn them off, change the e-mail address, etc.

nmstoker, more than 1 year ago

Reminds me of the mess that the LTA are in the UK regarding getting Wimbledon tickets.

Over the years they've changed domains several times, had a breach, reset passwords multiple times, and now do part of their login via a random third party site (but to make it worse they push you to sign you up to a second form of account which logs in separately!)

urbandw311er, more than 1 year ago

Wow. Just wow. Troy Hunt does an incredible job of calling out this utterly piss-poor performance from FedEx. Shame it needs somebody with a platform like this to draw attention to it. They should find a way to make them somehow more liable for fraudulent losses.

It's gotten to the point now where it sometimes actually is impossible to speak to a human being in customer service - the thick layers of chat bots, deliberately gated 'contact us' pages and "why not use our app" nags.. ..if you're savvy enough to know already that only a human can resolve your particular query, getting hold of one can become a time consuming and sometimes traumatic experience. (only slightly tongue-in-cheek, I do actually believe this affects mental health)

noirscape, more than 1 year ago

Here Dutch customs doesn't even send you links for this stuff over SMS due to all the spam.

They tell you to look up the package tracking number on the PostNL (the national universal delivery company) where you can pay for it. All you get over SMS is a heads-up to check and the ID to enter (you need to combine it with your zipcode).

tome, more than 1 year ago

Why didn't he email the address provided in the SMS, which will obviously go nowhere else other than to FedEx?

southernplaces7, about 1 year ago

Really though, what would you expect from a company that managed to lose Tom Hanks for nearly 5 years? Even after that, he had to rescue himself first and they still screwed up his "welcome back" buffet meal.

ilogik, more than 1 year ago

Text message from my mobile carrier:

Be careful! Never click on links received in messages from strangers. Learn more at www.....

albert_e, more than 1 year ago

The biggest banks and brands in India as well as the government organizations do this type of poorly thought communications all day.

The other day an email from the oldest and biggest bank of India landed in my inbox

Truncated Subject line on mobile said "Cash Withdrawls made ..."

My heart skipped a beat because I did no such thing with my account.

Turns out it is a marketing mailer with subject "Cash Withdrawls made Easy!"

Facepalm.

red_admiral, more than 1 year ago

The number of "Please click this Microsoft Sway link for an important update" emails that I get these days ... sigh. So far they've all been legit (although rarely important), but if I ever go over to the dark side, that's what my first phishing campaign will look like.

lifestyleguru, more than 1 year ago

Phishing and workflows like this are handled by the same profile of employees. Low paid, outsourced, hating their job, doing the least possible. That's why they're indistinguishable. Reliable workflows, record profits, high salaries and bonuses for executives - pick two.

al_borland, more than 1 year ago

Is it common for people to have to pay previously unknown charges to get their packages delivered? I don’t frequently make international orders, but have a few times, and have never seen this. Everything has always been charged up front.

asveikau超过 1 年前
Some of these package themed spams are amusing. I got some spam texts from a +44 number (UK) claiming to be USPS. Similarly I got a call from a +1 416 number (Toronto area) telling me they were US Customs and Border Control.
vijaypatil超过 1 年前
Do I see a YC pitch idea right here - a platform that gets such comms right and secure would be a right a Solution to develop. It seems major companies can’t get it right or don’t want to get it right.
Triphibian超过 1 年前
There are banks in the US that send sketchy looking text message like this when you get transferred funds. They literally ask that you follow a texted url and enter your bank information.
axelthegerman超过 1 年前
The other thing I try to understand but just can&#x27;t is how Telco providers can be so incompetent in effectively stopping scam texts.<p>First of, texts are not encrypted and they can see ALL communication.<p>On the other hand the US forces me, using Twilio for SMS automation, to sign up &quot;campaigns&quot; with &quot;Sample messages&quot; if maybe all I want to do is building a personal assistant with text commands. My messages will get hit with fees for non compliance, or end up silently blocked without any visibility.<p>Then there are these scammers sending the same or very similar messages to millions of people, pretending to be the same 50 companies (national banks, shipping companies, cell phone carriers) - how about these $bigcorp register their &quot;campaigns&quot; to combat scams and they&#x27;ll leave me alone (one number sending texts to always the same one or handful of numbers).<p>... Oh wait I figured it out! Telco don&#x27;t care, they enjoy inflated traffic numbers in their network and charge for it - why would they stop it
dwighttk over 1 year ago
So far every time I’ve gotten dodgy AF texts or emails I’ve been able to verify at the real site… crazy that FedEx doesn’t have the info attached to the tracking.
TheDudeMan over 1 year ago
"while we're all watching for scammers attempting to imitate legitimate organisations, FedEx is out there imitating scammers!"

Brilliant. Troy is the best.
jwie over 1 year ago
The fact that there's no formal difference between tax payments and scam payments should be tickling the part of your brain; this means something.
chb over 1 year ago
Not that I’m endorsing the use of smart phones, but FedEx does have a mobile application. Why not just use that for notifications regarding deliveries?
seb1204 over 1 year ago
I have received SMS mostly a day after I ordered something off Amazon. I'm not often ordering something, so sometimes I go weeks without scam SMS.
EchoReflection over 1 year ago
The only other options I can think of (in the USA) are USPS and a company that I haven't seen in so long that I wondered if they were still in business, DHL. DHL's website is still up and running, but I guess they aren't doing great if I never see their delivery trucks anymore. Maybe they have a stronger presence in areas away from where I live...
prakashn27 over 1 year ago
At this point I use SMS only for 2 factor authentication, WhatsApp for connecting with friends and family, email for the rest of the stuff.
dawnerd over 1 year ago
Can we add pharmacies calling and asking to verify your ssn and dob? It’s trained a lot of older people to trust whoever is calling.
aggieNick02 over 1 year ago
My favorite FedEx facepalm was when they kept trying and failing to deliver a package to themselves...

They have an option to have your package held at a FedEx store. It's great for when the package requires signature and you're not able to wait at home all day for it.

Recently I used it. Unbeknownst to me, the FedEx store changed its physical location while the package was in transit, to a different strip mall across the highway. So for several days in a row, I was notified that FedEx attempted to deliver, but that the business was closed. Every call to customer service yielded understanding and sympathetic employees who had no idea how to fix the issue.

After about 5 days, something clicked, and my package showed up at the new FedEx location.
nerdyadventurer over 1 year ago
Does anyone know how to block SMS from marketers without numbers (ex: XYZ instead of 123) on Android?
lnxg33k1 over 1 year ago
Couriers are part of the reason I haven’t bought anything for years
kylecordes over 1 year ago
The bar to relative excellence in our industry is so very low.
jwally over 1 year ago
I got an sms from "Nikki Haley" the other week asking me to join some political rally. This has SUCH potential for abuse.

A) spreading misinformation. Not hard to confuse people that their polling location is closed but the inconvenient one across town is still open

B) fake fundraising. Blast out an sms from "citizens for action" who need money to support ${popular cause/candidate}
csours over 1 year ago
There ought to be a law, I tell you
chankstein38 over 1 year ago
FedEx is trash but this kind of handling of these kinds of communications is so common it's disgusting. I say it all of the time too. "No wonder people get scammed." We get security trainings at work or get things like "_company_ will NEVER ask for your password" then they immediately violate their own rules.

It's absurd.
gregoryl over 1 year ago
Ahh yes, the FedEx GST payment system is wonderful!

You can find that number in the sms on an official FedEx page somewhere or other - I ended up using that as enough evidence to trust and call.

I get the feeling this system as a whole doesn't see much use - from a FedEx perspective, the vast majority of people paying duty will be via some specialised importer, not b2c direct.
e40 over 1 year ago
Yet another reason why I will try to never use FedEx. UPS is so much better.

Banks do similar dumb things. I once vented to a Wells Fargo security manager about a similar issue. They had no defense at all.
dghughes over 1 year ago
Obviously just call the totally normal support number shown 1 800 111 112 /s
MattGaiser over 1 year ago
Maybe FedEx sees better results and gets more payments from appearing scammy? Scammers seem to do alright.

I know we tech people think this type of messaging is ridiculous, but I’m constantly pulling less technical friends and family away from crap like this. Half a dozen have asked me about Elon Musk’s crypto trading breakthrough.
arkitaip over 1 year ago
> What makes this situation so ridiculous is that while we're all watching for scammers attempting to imitate legitimate organisations, FedEx is out there imitating scammers!

Hah!