Skip to content
Breachfolio
GUIDES · PHISHING

Package Delivery Text Scam: What to Do Right Now

Protect yourself from fake courier texts and emails asking for delivery fees.

July 17, 20266 min read

You receive a text message or an email that looks like it is from a major courier service like USPS, UPS, FedEx, or DHL. The message claims that your package delivery has failed because of an address error, an unpaid customs fee, or a delivery charge that requires your immediate attention. It provides a link and asks you to pay a small amount—often less than two dollars—to get your package moving again. This is a common and dangerous package delivery text scam designed to steal your personal information and credit card details.

Recognizing the Package Delivery Scam

Scammers use urgency and the familiarity of trusted brands to trick you. They know that online shopping is part of daily life, and the anticipation of a package makes you more likely to click without thinking. These messages are almost always unsolicited. If you did not recently order a package or sign up for delivery notifications from that specific carrier, consider any such message an immediate red flag.

Common hallmarks of these phishing attempts include:

  • Generic or strange sender information: The message may come from a random phone number or an email address that does not end in the company’s official domain (e.g., info@delivery-support-123.com instead of @usps.com).
  • Urgency: The text or email threatens that your package will be returned to the sender or destroyed if you do not act within a few hours.
  • The Link: The link provided does not lead to the official website of the courier service. It often looks suspicious, using misspellings or redirected URLs.
  • Request for payment: Official courier services will generally contact you about customs fees or delivery issues through their own secure portals. They rarely send text messages asking for credit card payments to resolve a delivery issue.

Immediate Actions If You Clicked the Link

If you clicked the link or provided your information, it is important to act quickly to minimize the risk of identity theft or financial loss. Your primary goal is to secure your accounts and monitor for suspicious activity.

  1. Contact your bank: Call the financial institution that issued the credit or debit card you entered into the phishing site. Tell them you believe your card details were compromised. They will cancel the card and issue a new one to prevent unauthorized charges.
  2. Change your passwords: If you created an account on the phishing site, use the same password for any other important accounts, or if you provided a username and password, change your passwords immediately on your legitimate accounts. Enable multi-factor authentication (MFA) everywhere it is available.
  3. Check your credit report: Monitor your credit reports for unauthorized accounts opened in your name. You can access free reports via AnnualCreditReport.com, which is the official site authorized by the US government.
  4. Document the interaction: Take screenshots of the suspicious message for your records, but do not interact with the message again. Block the sender.

Identifying Legitimate Courier Communication

Courier services maintain strict policies regarding how they communicate with customers. Understanding these differences can help you spot a scam before you ever click.

Feature Official Communication Scam Communication
Sender ID Comes from known, official domains or short-codes Random phone numbers or unofficial domains
Payment Request Handled through secured, encrypted portals Asks for card details via a suspicious link
Tone Informative and professional Creates panic or artificial urgency
Tracking Provided via the company's verified website Requires you to "re-verify" or pay a fee

Reporting the Scam

Reporting phishing attempts helps law enforcement track these criminals and protects other consumers. Do not simply delete the message; take a moment to report it to the appropriate authorities.

You can report phishing attempts through the following channels:

  • Federal Trade Commission (FTC): Visit ReportFraud.ftc.gov to report the scam. This provides the FTC with essential data to track trends.
  • Cybersecurity and Infrastructure Security Agency (CISA): You can report phishing emails to CISA, which helps the government identify and mitigate cyber threats.
  • The Courier Service: Most major carriers have dedicated channels for reporting fraud. For example, USPS suggests sending the suspicious text to 7726 (SPAM) or emailing them at spam@uspis.gov. Check the official website of the courier mentioned in the message for their specific reporting instructions.
  • Internet Crime Complaint Center (IC3): If you suffered a financial loss, file a formal complaint at IC3.gov.

Preventing Future Phishing Attacks

Protecting yourself from future attacks requires a proactive approach to your digital safety. Most phishing scams rely on your curiosity or fear. By following a few simple digital hygiene rules, you can significantly reduce your risk of falling victim to these scams.

First, never click links in text messages or emails that you were not expecting. If you are waiting for a package, go directly to the courier's official website by typing the address into your browser manually, or use the official mobile application you have previously downloaded. Never rely on links provided in unsolicited communications.

Second, keep your software updated. Operating systems and web browsers frequently receive security patches that protect you against common exploits used by scammers to redirect your browser or install malicious software. Turn on automatic updates on your computer, smartphone, and tablet.

Third, be skeptical of "small fees." Scammers often ask for amounts like $1.99 or $2.50. This low barrier to entry is intentional; it is a small enough amount that many people will pay it without checking with their bank or questioning the charge. Always remember that legitimate companies will communicate high-stakes issues, such as customs fees, through official, verifiable channels, usually involving formal documentation rather than a text-message payment link.

Finally, consider the context of the message. If you did not order anything, there is no package. If you did order something, check the order status on the website where you made the purchase. If there is a delivery issue, that retailer will be able to tell you exactly what is happening, and they will never send you a text message that demands a payment to a third-party site to "release" your goods. Staying calm and verifying information through official sources is your best defense against any form of digital manipulation.

By staying vigilant, you protect not only your bank account but also your personal data. Remember, if a message feels wrong or forces you into a sense of immediate panic, it is likely a scam. Stop, verify, and report. Following these steps ensures that you remain in control of your digital identity and your financial security.

It is also worth noting that some of these scams involve what is known as "smishing," or SMS phishing. These are becoming increasingly sophisticated. Even if a message appears to come from a number you recognize as a courier, be cautious. Technology allows scammers to "spoof" phone numbers, making them appear as if they are coming from a legitimate organization. Always default to the official website or a phone number you have found independently for the service provider, rather than using any contact information provided in the message itself.

Finally, if you have entered sensitive information like your Social Security number, you should consider placing a fraud alert on your credit reports. You can do this by contacting one of the three major credit bureaus (Equifax, Experian, or TransUnion). Once one bureau is notified, they are required to notify the others. This is a free service that makes it harder for identity thieves to open new accounts in your name using your stolen information. Staying aware of these resources and how to use them is a cornerstone of modern consumer safety.

The one-sentence version. If you receive an unexpected message about a package delivery fee, do not click the link. It is likely a phishing scam. If you already clicked, contact your bank immediately.

Frequently asked questions

What should I do if I get a delivery text but I did not order anything?
If you did not order a package, do not click the link or reply. Simply delete the message and block the sender's number.
How can I tell if a delivery message is real?
Official carriers will not send unsolicited texts asking for credit card payments to release a shipment. Use their official website to track your orders.
I paid the fee, what are my next steps?
Contact your bank immediately to cancel the card you used. Monitor your credit reports and report the incident to the FTC at ReportFraud.ftc.gov.