How to Spot Fake Delivery Notification Scams (UPS, FedEx, USPS)
Fake delivery notification texts and emails are one of the most common phishing scams. Learn how to identify them and protect yourself.
How to Spot Fake Delivery Notification Scams
"Your package could not be delivered. Update your address here: http://usps-redelivery.xyz"
If you've received a text like this, you're not alone. Fake delivery notifications — impersonating UPS, FedEx, USPS, Amazon, and DHL — are one of the most common phishing scams. Here's how to tell them apart from real alerts.
Types of Delivery Phishing
| Impersonated Company | Example Message | Scam Goal |
|---|---|---|
| USPS | "Delivery failed, update address" | Steal personal info |
| UPS | "Package held, pay customs fee" | Steal payment info |
| FedEx | "Shipment delayed, track here" | Install malware |
| Amazon | "Order issue, verify account" | Steal login credentials |
| DHL | "Customs clearance required" | Steal credit card |
Current Trends (2025-2026)
- Customs fee scams — "Pay $2.99 customs fee to release your package"
- Address update requests — "We couldn't verify your delivery address"
- Redelivery scheduling — "Your package will be returned. Schedule redelivery"
How to Identify Fake Delivery Texts
1. Check the URL
| Real | Fake |
|---|---|
| usps.com | usps-delivery.xyz |
| ups.com | ups-tracking.net |
| fedex.com | fedex-redelivery.com |
Real carriers only use their official domains. If the domain looks off, don't click.
2. App Installation Requests = Scam
No legitimate carrier will ask you to install an app via text message. If a text says "download our tracking app," it's malware.
3. Personal or Payment Info Requests = Scam
Real carriers never ask for your SSN, credit card number, or bank details via text or email.
4. Watch for Shortened URLs
Links using bit.ly, tinyurl.com, or other shorteners hide the real destination. Legitimate delivery notifications use full official URLs.
5. Urgency = Red Flag
"Respond within 24 hours or your package will be returned" — this pressure tactic is designed to make you act without thinking.
What to Do If You Receive a Phishing Text
If You Didn't Click
- Delete the message
- Block the sender
- Report it: forward the text to 7726 (SPAM)
If You Already Clicked
- If you installed an app — Turn on airplane mode, delete the app, run antivirus
- If you entered personal info — Change passwords immediately for affected accounts
- If you entered payment info — Call your bank/card company immediately to freeze the account
- Report to the FTC at reportfraud.ftc.gov
How to Verify Real Delivery Notifications
When a delivery notification seems suspicious:
- Use the official app — Track directly in the UPS, FedEx, or USPS app
- Go to the website directly — Type the carrier's URL in your browser; don't click the text link
- Call customer service — If in doubt, call the carrier directly
Build Safer Link-Sharing Habits
Delivery phishing works because we're conditioned to click links in messages without thinking. When you share important links, make them distinguishable from phishing attempts.
With LOCK.PUB, you can create password-protected links with expiration dates. Only people who know the password can access the content — making it clear the link is legitimate and intended for them.
Prevention Checklist
- Never click links in unexpected delivery texts
- Track packages only through official apps and websites
- Ignore texts requesting app installation
- Keep your phone's software and security apps updated
- Report suspicious texts to 7726 (SPAM)
- Share these tips with family members, especially elderly relatives
FAQ
Q: Do real carriers send text notifications?
Yes, but only if you opted in. Real notifications never ask you to install apps, enter personal info, or make payments via text.
Q: Can clicking a link alone cause damage?
Usually not, but it can lead to a phishing site. The real damage comes from installing apps or entering information. When in doubt, take immediate action.
Q: Are iPhones immune to these scams?
iPhones resist malware installation, but if you enter your credentials on a phishing site, you're just as vulnerable as anyone else.
Delivery phishing can trick anyone. Always verify before clicking. And when you share important links yourself, use LOCK.PUB to add password protection — so your recipients can tell the difference between a real link and a scam.
Keywords
You might also like
What Is Smishing? How to Spot and Stop SMS Phishing Attacks
Learn what smishing is, the most common SMS phishing patterns, and practical steps to protect yourself from text message scams.
How to Prevent AirDrop Spam and Harassment: A Complete Guide
Strangers sending unwanted photos via AirDrop is a growing problem on public transit and crowded spaces. Learn how to block AirDrop spam and protect yourself.
How to Spot Amazon Phishing Emails & Texts: A Complete Prevention Guide
Learn to identify fake Amazon emails and SMS scams with practical tips, real examples, and security best practices to protect your account.
Create your password-protected link now
Create password-protected links, secret memos, and encrypted chats for free.
Get Started Free