Package Delivery Scam

Overview of the Scam

Package delivery scams arrive as text messages or emails pretending to be from USPS, FedEx, UPS, or another carrier. They claim a package could not be delivered and that you need to take some action - pay a small redelivery fee, confirm your address, or click a link to reschedule - before your package can be released.

The messages are effective because most people are regularly expecting at least one delivery. When a message arrives saying something is on hold, it feels completely plausible. The small fee requested - often $1 to $3 - seems inconsequential, which is precisely why it works: the low dollar amount lowers suspicion and gets victims to enter their card details without much thought.

Clicking the link in these messages leads to a fake website designed to steal your payment card information or install malware on your device. The package does not exist, the fee serves no purpose, and any information you enter goes directly to the scammer.

How the Scam Works

Package delivery scams are simple and fast-moving. Here is the typical sequence.

• You receive a text message or email appearing to come from USPS, FedEx, UPS, DHL, or another carrier. The message says a package addressed to you could not be delivered and is being held. A tracking number is often included to add legitimacy.
• The message provides a link to resolve the issue - to confirm your address, pay a small redelivery or customs fee, or reschedule your delivery. The link appears to go to the carrier's website but leads to a fraudulent page.
• The fake website is designed to closely match the real carrier's site. It asks you to enter your name, address, and payment card details to pay the small fee and release the package.
• You enter your information and pay the fee. The scammer now has your card number, expiration date, security code, billing address, and name - enough to make fraudulent purchases or sell your information.
• The "package" never arrives because it never existed. You may also begin to see unauthorized charges on your card as the scammer or their buyers use your payment details.

Common Variations

While the core pattern is consistent, package delivery scams take a few different forms.

• Redelivery fee text: The most common version. A text message says your package could not be delivered and a small fee is required to reschedule. The link leads to a fake payment page.
• Address confirmation request: Rather than requesting money, the message asks you to confirm or update your delivery address through a link. The fake site collects your personal information even without a payment component.
• Customs fee scam: A message claims a package from abroad is being held at customs and requires a duty or customs clearance fee before it can be released. This version often targets people who have recently ordered from international retailers.
• Email version with attachment: An email claiming to be a delivery notification includes an attachment - described as a delivery slip or invoice - that contains malware when opened.
• Missed delivery door hanger: In a physical version of this scam, a fake door hanger is left at your home instructing you to call a number or visit a website to reschedule your delivery. Both lead to scammers.

Example Scam Messages or Pop-Ups

The example below shows a typical package delivery scam text message. These messages are brief, urgent, and designed to look like a routine carrier notification.

The message uses the carrier's name and logo, includes a tracking-style number, and requests a small fee that feels insignificant. The link uses a URL that looks vaguely like the carrier's real website but is slightly different - an extra word, a different domain extension, or a hyphenated variation. Hovering over or carefully reading any link before clicking it is one of the simplest ways to identify these messages as fraudulent.

Common message text includes: "USPS: Your package has been held due to an incomplete address. Pay a $1.99 redelivery fee to reschedule: [link]," "FedEx Alert: Your delivery requires a customs fee of $2.50 before release. Click here to pay: [link]," and "Your package could not be delivered. Update your delivery preferences here to avoid return to sender: [link]."

Warning Signs

These signals indicate a delivery notification is fraudulent rather than a real message from a carrier.

• You were not expecting a package, or the message provides no specific information about what is being delivered or who sent it.
• The message asks you to pay any fee by clicking a link in the text or email. Real carriers do not collect fees this way.
• The link in the message leads to a URL that is not the carrier's official domain - it may look similar but contains extra words, different endings, or slight misspellings.
• The message creates urgency - your package will be returned or destroyed if you do not act within 24 hours.
• The text came from a regular phone number rather than a short code or official business number, or the email came from a generic address rather than a carrier's official domain.
• The message asks for more information than a simple address update should require - payment card details, your full Social Security number, or account login credentials.
• The tracking number in the message does not show any results when entered directly on the carrier's official website.

Who Scammers Often Target

Package delivery scams are sent in bulk to as many numbers and email addresses as possible. Because most people in the US receive regular deliveries, the message has a high chance of arriving when a real delivery is expected - which makes the timing feel like confirmation rather than coincidence.

Older adults and frequent online shoppers are particularly targeted. People who regularly order from Amazon, other retailers, or mail-order services are more likely to have an active expectation of delivery at any given time, making the scam message feel more plausible.

What the Scammer Is Trying to Achieve

The primary goal is payment card information. Even though the fee is small, the card details you enter - number, expiration date, security code, and billing address - are worth far more than the fee amount. Scammers use this data to make larger unauthorized purchases or sell it in bulk to other fraudsters.

Some versions of the scam also aim to install malware through a malicious link or attachment, which can harvest additional information over time or give the scammer access to your device.

What To Do If You Encounter This Scam

If you receive a text or email like this, here is how to handle it safely.

• Do not click any link in the message. Even if you think you might be expecting a package, go directly to the carrier's official website by typing the URL yourself rather than using the link provided.
• If you have a real tracking number from a recent order, enter it directly on the carrier's official website to check the status. This will tell you whether there is actually a delivery issue without exposing you to any risk from the scam link.
• Do not call any phone number provided in the message. Look up the carrier's customer service number on their official website if you need to contact them.
• Report the message as spam or phishing to your mobile carrier by forwarding it to 7726 (SPAM). You can also report it to the FTC at ReportFraud.ftc.gov.
• Delete the message. Do not respond to it, as responding can confirm your number is active and lead to more scam contacts.

If You Already Paid or Shared Information

If you clicked the link and entered your card details or other information, act quickly.

How To Prevent Package Delivery Scams

A few simple habits make these scams straightforward to avoid.

• Never click a link in a delivery notification text or email to pay a fee or update your address. Go directly to the carrier's official website instead.
• Check the URL carefully before clicking anything. Real carrier websites are usps.com, fedex.com, ups.com, and dhl.com - any variation from these exact domains is a red flag.
• Track your packages directly. When you place an order, save the tracking number and check it directly on the carrier's site rather than relying on notification links.
• Set up official tracking notifications through the carrier's real app or website. That way you have a baseline for what legitimate notifications from that carrier actually look like.
• Be skeptical of any delivery notification that asks for payment. Real carriers include any applicable fees in the shipping cost at the time of purchase - they do not chase you for additional payments by text after the fact.