The USPS, UPS, FedEx, and DHL Text Message Phishing Scam Explained
If you receive a text or email stating that a package was not deliverable and the carrier needs to update your address, beware, it’s a phishing scam!
There are many versions of this scam. Sometimes they may make it appear you have to pay import duties, but the process is about the same.
Especially during the holiday season, it seems the phishing scam messages are even more prevalent as many recipients may incorrectly believe they are receiving a package from a family member or friend that had their address wrong.
To show you how this phishing scam works, here are screenshots from a text message I received this month. I followed through with the provided link (on a secure non-trackable browser on a VPN) and stopped right before the scammers wanted my credit card information.
The Text Message Phishing Scam
I am using an example of a text message as they are more common now with most email filters sending these types of phishing messages automatically to the junk or spam folder.
Note: I am using red blocks in these screenshots to hide some personally identifiable information that could potentially be a real but innocent person’s contact details.
In this first screenshot, you can easily see the first problem with the text message. Scammers usually try to disguise the carrier name slightly to avoid being detected as a possible phishing scam. In this case, they used US/PS to make it look like this could be from the US Postal Service (USPS).
I have received similar texts like this one from scammers pretending to be from UPS, FedEx, and DHL. So, this phishing scam is not exclusive to USPS and could also come from other delivery or ecommerce companies.
Secondly, you can see the link in this text does not link to the USPS website (usps.com). Instead, it looks similar to a link shortened by a link shortener.
You may have seen links that began with bit.ly, goo.gl, g.co, ow.ly, t.co, or youtu.be, all of which are legitimate link-shortening services. But whether the link is from a legitimate link shortener service or from a fake-looking one (as here), either way, it’s still a scam.
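The two warning signs described above (a carrier name broken up with extra characters, and a link that does not point to the carrier's own website) can be checked mechanically. The following Python sketch is an added example, not part of the original article; the sample messages are constructed, and the official domains other than usps.com are assumptions taken from the carriers' public websites.

```python
import re
from urllib.parse import urlparse

# usps.com is named in the article; the other official domains are assumptions
# taken from the carriers' public sites.
OFFICIAL = {"USPS": "usps.com", "UPS": "ups.com", "FEDEX": "fedex.com", "DHL": "dhl.com"}
# Link shorteners listed in the article.
SHORTENERS = {"bit.ly", "goo.gl", "g.co", "ow.ly", "t.co", "youtu.be"}
URL_RE = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/\S*)?", re.I)


def carrier_re(name):
    """Match a carrier name even with separators between letters (US/PS, U.P.S)."""
    body = r"[\W_]{0,2}".join(name)
    return re.compile(rf"(?<![A-Za-z]){body}(?![A-Za-z])", re.I)


CARRIER_RES = {name: carrier_re(name) for name in OFFICIAL}


def host_of(url):
    if "://" not in url:
        url = "http://" + url  # urlparse needs a scheme to find the host
    return (urlparse(url).hostname or "").lower()


def triage(sms):
    """Return the reasons a delivery text looks like the scam described above."""
    reasons, carriers = [], []
    for name, pattern in CARRIER_RES.items():
        match = pattern.search(sms)
        if match:
            carriers.append(name)
            if match.group(0).upper() != name:
                reasons.append(f"disguised carrier name {match.group(0)!r} (reads as {name})")
    for url in URL_RE.findall(sms):
        host = host_of(url)
        official = any(host == OFFICIAL[c] or host.endswith("." + OFFICIAL[c]) for c in carriers)
        if host in SHORTENERS:
            reasons.append(f"shortened link hides the destination: {host}")
        elif carriers and not official:
            reasons.append(f"link host {host} is not the carrier's own domain")
    return reasons


# Constructed sample messages (not the text from the screenshots).
PHISH = "US/PS: Your package could not be delivered due to an incomplete address. Update here: https://uspz-redeliver.example/x7Qk"
SHORT = "FedEx: delivery problem, confirm your details at bit.ly/3abcXYZ"
LEGIT = "USPS: your package is out for delivery. Track at https://tools.usps.com/"

if __name__ == "__main__":
    for sms in (PHISH, SHORT, LEGIT):
        print(triage(sms) or "no indicators found (not proof the text is genuine)")
```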
The Landing Page
Looks real, right? But it’s a phishing site. Some browsers may even mark this as a phishing site, but these scammers change URLs so often that it’s hard for browser companies to keep up.
The page shows a tracking number (which apparently has been used frequently for this phishing scam as googling it finds references to the scam) and in big red letters, a request for action to provide your shipping address.
The next screenshot shows more of the same phishing page from above. Here you can see how the scammers are trying to get all your personal information. Obviously, I provided fake info here.
I should also note that none of the links or text/buttons looking like links (except for the Continue button) are actually functional. They are just text.
The Payments Screen
Here we come to the payment screen where the scammers want you to enter your credit card information, which includes the expiration date and security code so that they can charge you $3.00 for the redelivery fee.
The US Postal Service has no such fee (yet…), but some other carriers may have redelivery fees after making multiple delivery attempts.
The Payment Success Screen
I provided the scammers with a test credit card number, which passes basic validation tests to ensure the credit card number is a correct series of numbers before being passed on to the payment processor.
In this case, I did first try a random set of 16 numbers, which failed validation, indicating this phishing page was running the numbers through this pre-test to ensure the credit card was “valid.”
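The kind of pre-test described here can be reproduced in a few lines. The following Python sketch is an added example, not code from the phishing page or from the article; it assumes the pre-test is the Luhn checksum, the standard check-digit scheme for card numbers, which the article does not name. `4111111111111111` is a widely published test number and `1234567812345678` is a constructed non-card number.

```python
import random


def luhn_valid(number: str) -> bool:
    """True if the digits satisfy the Luhn checksum (assumed to be the pre-test)."""
    digits = [int(c) for c in number if c.isdigit()]
    if len(digits) < 12:
        return False
    total = 0
    # Walk from the rightmost digit; double every second digit and fold
    # two-digit results back into one digit (e.g. 14 -> 1 + 4 = 5).
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def share_of_random_numbers_passing(samples: int = 20000, seed: int = 1) -> float:
    """Fraction of random 16-digit strings that pass the checksum (about 1 in 10)."""
    rng = random.Random(seed)
    passed = sum(
        luhn_valid("".join(rng.choice("0123456789") for _ in range(16)))
        for _ in range(samples)
    )
    return passed / samples


if __name__ == "__main__":
    print(luhn_valid("4111111111111111"))  # published test number
    print(luhn_valid("1234567812345678"))  # constructed random-looking number
    print(share_of_random_numbers_passing())
```

Passing this check only shows that a number is well formed. It says nothing about whether the card exists or whether a charge was ever submitted, which is why a "payment success" screen on such a page proves nothing.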
However, I doubt the scammers actually ran this “charge” through a payments processor as the purpose of this phishing scam is not to collect the lousy $3 but to sell the credit card number on the dark web for much more. One security site I found claims credit card data in 2022 was worth anywhere from $17-$120 on the dark web.
Here are the next two screenshots showing first a common “processing” waiting graphic while the payment is processed, followed by the “success page,” indicating the address has been updated.
Now clicking the Continue button will send you to the real USPS home page, making the entire process look and feel legitimate.
What The Scammers Got
Again, the key point here is that the scammers now have a lot of information you provided. They have:
- Your name
- Your address (billing address)
- Your email address
- Your phone number
- Your credit card number
- Your credit card expiration date
- Your credit card security code
This is enough to make online purchases on many popular e-commerce sites as many will only confirm the billing address and ship to any other valid address if the security code and expiration date come back from the payment processor as valid.
In a very short period of time, the scammers can charge hundreds to thousands of dollars online, getting products shipped to a drop address.
Credit Card Fraud is a Growing Multi-Billion Dollar Business
Unfortunately, credit card fraud is continuing to move online and expand worldwide. One 2020 estimate put the problem at $11 billion a year in the US alone, with another report estimating global fraud picked up rapidly, tripling in the last decade to $32.39 billion in 2021.
Often, victims of phishing scams don’t realize they have been scammed as no unusual charges appear from the original phishing attack. It may take weeks or months before a small charge of around $1 or less may temporarily appear as a pending charge on the credit card account.
But that is enough of a “test” for the thief to know the card is “live,” so they can go on a spending spree of hundreds or thousands of dollars with the card, frequently in a very short period of time to avoid detection.
Tips for Early Detection and Prevention
Hopefully, you have not gone through such a phishing scam that snagged your credit card details. But if you suspect it may have happened, call your bank or credit card company’s security or fraud department and immediately request a new card number.
Many credit and debit cards today offer an immediate notification of pending charges, via text, email, or as a pop-up notification on their mobile app. I highly recommend opting in for those, even if you don’t use some cards often. It’s an early warning system, especially if you see a very small charge you don’t recognize.
Make it a routine to check your credit card accounts at least once per week and your debit accounts daily. The reason I suggest a daily check on debit card accounts is that it is money that is immediately withdrawn or unavailable from your bank account, not just a reduction of your available credit.
While almost all credit and debit cards today come with some sort of fraud protection where there is no risk to you, debit cards can sometimes take longer to resolve. And it’s money out of your pocket now.
This is also the reason I never use debit cards online, but only at the bank or a trusted major grocery store or retailer where I can be almost certain there is a near-zero risk of someone having hacked the terminal to steal my debit card details.
Big Tip: Never use a debit card at restaurants, where the card itself goes out of your view while the server is finalizing your check. If the server is unscrupulous, he or she may run it through a skimmer to grab all the card information.
I hate to put that industry in such a bad light, but I’ve one credit card I use for all my travel expenses, especially in restaurants, and it’s the one card that I have had to replace at least once per year due to fraudulent charges.
More restaurants are switching over to tableside terminals in the US, something very common in Canada and other foreign countries. This would improve security as the card would never leave a diner’s possession as they are processing the card through this tableside terminal themselves.
While we here at eSeller365 mostly provide information to small business online merchants and marketplace sellers, I thought this is good information for online business owners to know as well.
A customer may contact you asking why an address is incorrect on an order and why they had to pay to correct it. Now they know why. These phishing scams don’t show the sender, so customers may think the “update your address” message is from a recent order they may have placed with your store.
By explaining what may have happened, you can help keep your customer from getting scammed. And they are less likely to blame you, as research shows customers will not return if they suspect the fraud somehow originated with the online merchant.
And while the example I used here is from a text message I received, as I mentioned already, there are many variations of this phishing scam and they all follow the same general pattern. UPS posted examples in a PDF document showing similar phishing attacks via email and in different languages.
Always be on the lookout for anything that seems strange!
Richard is co-founder of eSeller365. He has over 17 years of experience on eBay which includes tens of thousands of sales to buyers in over 100 countries and even has experience with eBay’s VeRO program enforcing intellectual property rights for a former employer. And for about two years Richard sold products on Amazon using Amazon FBA in the US.
To “relax” from the daily business grind, for a few weekends a year, he also works for IMSA as a professional race official.