I got a text from some random number:
U S Po st O ffice - Your package is with us, but we couldn't deliver it due to incomplete address information. Please update your details within 48 hours to ensure successful delivery. Click the link: https://t.co/lMeg8IZVfu?Rjk=iz518dOizI
We'll schedule a new delivery within 24 hours after address verification.
Regards,
U S Po st Off ice.
It went to a form prompting for my name, home address and email/phone number.
I filled out the form without thinking much about it, didn't at first enter the email/phone because I thought it looked suspicious but then decided to do it anyways because they obviously already had the phone number.
The second page of the form was for a credit charge of .19 cents for a 'charge' for a redelivery. Chrome prompted to fill in the credit card info and I did it, didn't put in the security code and looked closely at the domain...
usco.dbgsmk.top
I looked up usps domains - it wasn't there... and I tried going to the index page for the domain and it was a bunch of chinese..
Question 1: how likely is it that the second form posted my credit card number?
Question 2: how bad is it if they got the credit card number w/o the security code?
I've locked the number but I'd rather not have to replace it...
