Url looks suss. Seems kinda sophisticated for the usual ups fishing scam. Here’s the text message I got leading here.
“Wishing you a bright and sunny day!” Lol, I almost want to help this guy by explaining that UPS and American companies in general have disdain for their customers and would never wish them to have anything that would not benefit the company.
Why the fuck did you click a link like that in the first place? That first message is basically screaming at you that it’s a phishing attempt.
Best opsec is to delete and block, ideally without opening it at all to avoid read receipts (if that’s a function in your phone). If you think it might be legit, go to the website on your own and find a way to confirm independently. If that’s still too much to follow through with, at the very least don’t click random links sent to you unprompted.
Hey dude, you had an opportunity to educate someone and instead you belittled them. As someone who works in cyber, please don’t do that. People get stigmatised against cyber and IT professionals and they stop trusting us. Users don’t know what we do, so be kind to them the way you should be kind to anyone learning new things. https://xkcd.com/1053/
Could someone educate me on the possible damage clicking a link can bring, assuming I’m not interacting with the website any more than that?
Not doubting there’s damage, just curious. I’d think they’d get some maybe usable info from fingerprinting or something? Could javascripts lead to more serious problems?
The least it wil do is confirm your email to be in use for further scams.
If you do nothing but click the link and then close the resulting website without clicking anything else, all that will happen is that they’ll know you’re someone who clicks such links and you’re likely to get more of them.
There could theoretically be a vulnerability in your browser that would allow them to infect you with viruses, but such vulnerabilities are much much more valuable used elsewhere (or cashed in through security research bounties). One I’ve seen is that the page further phishes you into downloading and installing an “update” to your browser that’s really a virus, or they simply try to phish you out of money, for example by asking you to pay the shipping costs again.
It’s also a way to build lists of who actually clicks the links, that they resell to the next sucker (scamming is suckers all the way down, they all buy The Next Big Technique from some guy), ensuring you will get further spam in the future.
There’s actually a fun technique to do to avoid further spams when it comes to voice calls. A little know fact is that elevator call buttons are actually just phones that have a phone number, and if you dial the number, it will automatically answer and you will hear whatever is in the elevator (generally nothing). If you pick up but don’t say a word, their automated systems will flag you as an elevator phone number and they will stop calling in order to stop wasting resources on calling numbers that won’t lead to money.