Beware of the USPS “Package Was Lost En Route” Scam
Written by: Thomas Orsolya
Published on:
The United States Postal Service (USPS) delivers millions of packages every day. Unfortunately, scammers are taking advantage of USPS’ huge delivery volume by sending phishing messages claiming packages were lost en route. Don’t let them fool you – this “USPS Package Was Lost” scam is entirely fake, aimed at stealing your personal information and money.
This article contains:
“USPS Package Was Lost En Route” Scam Overview
The “USPS Package Was Lost En Route” phishing scam starts with potential victims receiving a text message or email seemingly from the postal service. The message claims a package intended for you has gone missing somewhere along its delivery route. Scammers then urge you to click a link to confirm or re-enter your shipping details so they can resend the lost package.
This is where the scam really begins. The link leads to a fake USPS lookalike site that prompts you to enter personal, financial, and account login information. Armed with this data, scammers can steal your identity and make fraudulent purchases or transfer funds from your bank account.
This scam is essentially a form of phishing, which uses social engineering techniques to deceive recipients into handing over sensitive data. By posing as a package carrier, scammers take advantage of victims’ expectations of deliveries and desire to receive lost items. Let’s explore exactly how this USPS scam works from start to finish.
Step-by-Step: How Scammers Carry Out the “USPS Package Was Lost En Route” Scam
Scammers use very clever psychological tricks to successfully pull off the “USPS Package Lost En Route” scam. Here are the 5 main steps they follow:
1. Scammers send a phishing email or text impersonating USPS.
The first step is to make contact with potential victims by sending a seemingly legitimate text or email from USPS. The message appears to come from a real USPS email address or phone number, but the sender details are spoofed.
The email may even use USPS branding, logos, and messaging styles to appear authentic. This convinces recipients the message is from the postal service vs. a scammer.
2. The message claims a package intended for you was lost en route.
The phishing message states that a package you were supposed to receive got lost somewhere along its USPS delivery route. Reasons given include insufficient address details, improper packaging causing damage, or delivery to the wrong address.
Scammers write the message to create urgency, such as claiming the package contains important documents or medications that need to arrive immediately. This pressures victims into taking action quickly.
3. You are instructed to click a link to resolve the delivery problem.
The phishing email or text includes a link for you to click on to supposedly provide the correct shipping details so USPS can resend the lost package. The message stresses urgency, giving short time windows like 24-48 hours to take action before the package is returned.
In reality, the link goes to a fake USPS site run entirely by the scammers ready to steal your information. But victims don’t realize this since the link and site look legitimate at first glance.
4. The phishing site prompts you to enter personal information.
Once you click the link, you are taken to an official-looking copycat USPS site. The site asks you to re-enter and “confirm” things like your full name, shipping address, phone number, and sometimes even credit card number or social security number.
Scammers may say providing this data is required for identity verification purposes before USPS can resend your lost package. But in reality, they just steal it.
5. Scammers steal your details for identity theft and financial fraud.
Armed with your personal information, scammers can now carry out identity theft, access and drain your financial accounts, make illicit purchases with your credit card details, steal government benefits, file fake tax returns, and more.
They may also sell your data on the dark web for other cybercriminals to use in fraud schemes. Either way, you’re left seriously at risk once scammers have your information.
Don’t Become a Victim – Spot This USPS Scam Before It’s Too Late
While this USPS package delivery scam can seem convincing, there are some red flags you can watch for:
The sender’s address does not match an official USPS domain – Phishing emails will show a forged address instead of a real usps.com address.
Strange links that don’t match USPS tracking sites – Phishing links may have misspellings or unusual domains unrelated to USPS.
Spelling and grammar errors – Phishing emails often contain typos, awkward phrasing, or syntax errors.
Threats demanding immediate action – Real USPS messages won’t threaten account suspension or make unreasonable demands.
Requests for sensitive data over email/text – USPS does not request your social security number, account passwords, or financial details over digital communications.
If you receive a suspicious message, do not click any links or provide the requested personal details. Instead, report the phishing scam to USPS directly so they can attempt to shut it down.
What To Do If You Were Scammed: Steps to Take Now
If you did fall victim and shared any sensitive information, take these steps immediately to limit the damage:
1. Alert your bank and credit card companies.
If you revealed financial data, call your credit card issuer and banks to report what happened. Cancel any compromised cards right away and dispute unauthorized transactions with fraud departments. Temporarily lower debit/credit limits to reduce future risk.
2. Watch all statements closely for signs of misuse.
Carefully monitor bank, credit, and all other account statements for fraudulent charges, transfers, and withdrawals. Unusual activity like small charges from new vendors can be signs of stolen payment data. Report any crimes immediately.
3. Reset all account passwords compromised by the scam.
Change login credentials on any apps, sites, or accounts that you entered into the phishing site. Use unique, complex passwords for each account going forward. Enable two-factor authentication for an added layer of security on high-risk accounts.
4. Place fraud alerts and check your credit reports.
Contact one major credit bureau to place an initial 90-day fraud alert on your credit file. The alert requires lenders to verify your identity before opening new credit lines, making it harder for scammers to use your data. Also order your free annual credit reports to check for accounts opened without authorization. Monitor reports regularly for signs of additional identity theft.
5. Freeze your credit if identity theft occurred.
If scammers already misused your personal information for financial gain, consider placing a credit freeze at all three bureaus. This restricts access to your credit file, stopping thieves from opening new lines of credit. But it also prevents you from applying for credit unless temporarily lifted. Alternatively, request a free one-year fraud alert extension.
6. File an FTC and IC3 complaint.
Report the phishing scam to the Federal Trade Commission and Internet Crime Complaint Center. Provide details on how the scam occurred, losses incurred, and information on the scammers if known. Officials can then investigate, use the data to stop future related scams, and prosecute offenders where possible.
How To Avoid Falling Victim to This and Other Delivery Scams
Use caution to protect yourself from this and other common delivery or package-tracking scams in the future:
Never click direct links in unsolicited texts, emails, or robocalls regarding deliveries. Manually look up tracking through official carrier apps/sites instead.
Avoid giving sensitive personal, financial, or account information over the phone, email, text, or online forms unless you directly contacted the company and are certain the request is legitimate.
Always double check senders’ contact information before trusting delivery notifications. Confirm it matches official domains/phone numbers of the company claimed.
Watch for phishing red flags like typos/grammatical errors, threats demanding immediate action, or requests for sensitive data from companies. No legitimate organizations will threaten you in messages or demand immediate payment/personal details to avoid account suspension.
Never trust requests to “confirm” or “re-enter” personal or payment data due to delivery issues. Legitimate carriers already have your details on file if you placed an order.
Set up account alerts for payment cards and bank accounts to monitor transactions in real time. Report anything suspicious to institutions immediately so they can freeze affected accounts.
Stay vigilant for phone, email, and text delivery scams by validating senders, watching for red flags, and keeping personal details protected. Consult carriers directly through official channels if you need to inquire about lost or delayed packages.
Frequently Asked Questions About the USPS Package Lost Scam
What is the USPS “package lost” scam?
This is a phishing scam where scammers send fake text messages or emails impersonating the USPS. The messages claim a package intended for you was lost en route and ask you to click a link to update your shipping details so they can resend it. But the link leads to a fake website that steals your personal information.
How do I recognize this USPS scam?
Watch for texts/emails about lost packages that seem urgent and ask you to click a link to resolve the issue. The sender address should match an official USPS domain – if not, it’s a scam. Odd links, grammar errors, threats about suspended accounts, or requests for sensitive info are also red flags.
What happens if I click the link in the scam message?
You will be taken to a fake website masquerading as a USPS site. It will ask you to enter personal details like your name, address, phone number, credit card info, etc. to resend your “lost” package. In reality, scammers will just steal your details for identity theft and financial fraud.
What should I do if I shared information through the phishing site?
If you entered any sensitive details, contact banks/credit cards immediately to close compromised accounts and dispute fraudulent transactions. Also change passwords, check credit reports, place fraud alerts, file complaints with the FTC and IC3, and monitor your statements closely for signs of additional misuse of your information.
How can I safely track a USPS package?
Go directly to usps.com or use the official USPS app to track packages instead of clicking links in emails/texts claiming to be from USPS. Legitimate tracking links should show usps.com in the URL. USPS also does not send tracking texts/emails containing links unless you specifically sign up for them.
How do I report this USPS phishing scam?
Forward scam emails to spam@uce.gov and report the phishing scam to USPS online or by calling 1-877-876-2455. You can also file complaints about scam texts at ftc.gov and fraudulent sites at ic3.gov to help authorities combat these USPS phishing tactics.
How can I avoid delivery scams in the future?
Never click direct links about packages from unknown sources. Verify sender addresses are real. Check for phishing red flags in messages. Avoid entering personal/financial details online unless you initiated contact. Use multi-factor authentication on accounts. Monitor statements and set up transaction alerts.
Is Your Device Infected? Check for Malware
If your device is running slowly or acting suspicious, it may be infected with malware. Malwarebytes Anti-Malware Free is a great option for scanning your device and detecting potential malware or viruses. The free version can efficiently check for and remove many common infections.
Malwarebytes can run on Windows, Mac, and Android devices. Depending on which operating system is installed on the device you’re trying to run a Malwarebytes scan, please click on the tab below and follow the displayed steps.
Malwarebytes For WindowsMalwarebytes For MacMalwarebytes For Android
Scan your computer with Malwarebytes for Windows to remove malware
Malwarebytes stands out as one of the leading and widely-used anti-malware solutions for Windows, and for good reason. It effectively eradicates various types of malware that other programs often overlook, all at no cost to you. When it comes to disinfecting an infected device, Malwarebytes has consistently been a free and indispensable tool in the battle against malware. We highly recommend it for maintaining a clean and secure system.
Download Malwarebytes for Windows
You can download Malwarebytes by clicking the link below.
After the download is complete, locate the MBSetup file, typically found in your Downloads folder. Double-click on the MBSetup file to begin the installation of Malwarebytes on your computer. If a User Account Control pop-up appears, click “Yes” to continue the Malwarebytes installation.
Follow the On-Screen Prompts to Install Malwarebytes
When the Malwarebytes installation begins, the setup wizard will guide you through the process.
You’ll first be prompted to choose the type of computer you’re installing the program on—select either “Personal Computer” or “Work Computer” as appropriate, then click on Next.
Malwarebytes will now begin the installation process on your device.
When the Malwarebytes installation is complete, the program will automatically open to the “Welcome to Malwarebytes” screen.
On the final screen, simply click on the Open Malwarebytes option to start the program.
Enable “Rootkit scanning”.
Malwarebytes Anti-Malware will now start, and you will see the main screen as shown below. To maximize Malwarebytes’ ability to detect malware and unwanted programs, we need to enable rootkit scanning. Click on the “Settings” gear icon located on the left of the screen to access the general settings section.
In the settings menu, enable the “Scan for rootkits” option by clicking the toggle switch until it turns blue.
Now that you have enabled rootkit scanning, click on the “Dashboard” button in the left pane to get back to the main screen.
Perform a Scan with Malwarebytes.
To start a scan, click the Scan button. Malwarebytes will automatically update its antivirus database and begin scanning your computer for malicious programs.
Wait for the Malwarebytes scan to complete.
Malwarebytes will now scan your computer for browser hijackers and other malicious programs. This process can take a few minutes, so we suggest you do something else and periodically check the status of the scan to see when it is finished.
Quarantine detected malware
Once the Malwarebytes scan is complete, it will display a list of detected malware, adware, and potentially unwanted programs. To effectively remove these threats, click the “Quarantine” button.
Malwarebytes will now delete all of the files and registry keys and add them to the program’s quarantine.
Restart your computer.
When removing files, Malwarebytes may require a reboot to fully eliminate some threats. If you see a message indicating that a reboot is needed, please allow it. Once your computer has restarted and you are logged back in, you can continue with the remaining steps.
Your computer should now be free of trojans, adware, browser hijackers, and other malware.
If your current antivirus allowed this malicious program on your computer, you may want to consider purchasing Malwarebytes Premium to protect against these types of threats in the future. If you are still having problems with your computer after completing these instructions, then please follow one of the steps:
Scan your computer with Malwarebytes for Mac to remove malware
Malwarebytes for Mac is an on-demand scanner that can destroy many types of malware that other software tends to miss without costing you absolutely anything. When it comes to cleaning up an infected device, Malwarebytes has always been free, and we recommend it as an essential tool in the fight against malware.
Download Malwarebytes for Mac.
You can download Malwarebytes for Mac by clicking the link below.
When Malwarebytes has finished downloading, double-click on the setup file to install Malwarebytes on your computer. In most cases, downloaded files are saved to the Downloads folder.
Follow the on-screen prompts to install Malwarebytes.
When the Malwarebytes installation begins, you will see the Malwarebytes for Mac Installer which will guide you through the installation process. Click “Continue“, then keep following the prompts to continue with the installation process.
When your Malwarebytes installation completes, the program opens to the Welcome to Malwarebytes screen. Click the “Get started” button.
Select “Personal Computer” or “Work Computer”.
The Malwarebytes Welcome screen will first ask you what type of computer are you installing this program, click either Personal Computer or Work Computer.
Click on “Scan”.
To scan your computer with Malwarebytes, click on the “Scan” button. Malwarebytes for Mac will automatically update the antivirus database and start scanning your computer for malware.
Wait for the Malwarebytes scan to complete.
Malwarebytes will scan your computer for adware, browser hijackers, and other malicious programs. This process can take a few minutes, so we suggest you do something else and periodically check on the status of the scan to see when it is finished.
Click on “Quarantine”.
When the scan has been completed, you will be presented with a screen showing the malware infections that Malwarebytes has detected. To remove the malware that Malwarebytes has found, click on the “Quarantine” button.
Restart computer.
Malwarebytes will now remove all the malicious files that it has found. To complete the malware removal process, Malwarebytes may ask you to restart your computer.
Your Mac should now be free of adware, browser hijackers, and other malware.
If your current antivirus allowed a malicious program on your computer, you might want to consider purchasing the full-featured version of Malwarebytes Anti-Malware to protect against these types of threats in the future. If you are still experiencing problems while trying to remove a malicious program from your computer, please ask for help in our Mac Malware Removal Help & Support forum.
Scan your phone with Malwarebytes for Android to remove malware
Malwarebytes for Android automatically detects and removes dangerous threats like malware and ransomware so you don’t have to worry about your most-used device being compromised. Aggressive detection of adware and potentially unwanted programs keeps your Android phone or tablet running smooth.
Download Malwarebytes for Android.
You can download Malwarebytes for Android by clicking the link below.
In the Google Play Store, tap “Install” to install Malwarebytes for Android on your device.
When the installation process has finished, tap “Open” to begin using Malwarebytes for Android. You can also open Malwarebytes by tapping on its icon in your phone menu or home screen.
Follow the on-screen prompts to complete the setup process
When Malwarebytes will open, you will see the Malwarebytes Setup Wizard which will guide you through a series of permissions and other setup options. This is the first of two screens that explain the difference between the Premium and Free versions. Swipe this screen to continue. Tap on “Got it” to proceed to the next step. Malwarebytes for Android will now ask for a set of permissions that are required to scan your device and protect it from malware. Tap on “Give permission” to continue. Tap on “Allow” to permit Malwarebytes to access the files on your phone.
Update database and run a scan with Malwarebytes for Android
You will now be prompted to update the Malwarebytes database and run a full system scan.
Click on “Update database” to update the Malwarebytes for Android definitions to the latest version, then click on “Run full scan” to perform a system scan.
Wait for the Malwarebytes scan to complete.
Malwarebytes will now start scanning your phone for adware and other malicious apps. This process can take a few minutes, so we suggest you do something else and periodically check on the status of the scan to see when it is finished.
Click on “Remove Selected”.
When the scan has been completed, you will be presented with a screen showing the malware infections that Malwarebytes for Android has detected. To remove the malicious apps that Malwarebytes has found, tap on the “Remove Selected” button.
Restart your phone.
Malwarebytes for Android will now remove all the malicious apps that it has found. To complete the malware removal process, Malwarebytes may ask you to restart your device.
Your phone should now be free of adware, browser hijackers, and other malware.
If your current antivirus allowed a malicious app on your phone, you may want to consider purchasing the full-featured version of Malwarebytes to protect against these types of threats in the future. If you are still having problems with your phone after completing these instructions, then please follow one of the steps:
Restore your phone to factory settings by going to Settings > General management > Reset > Factory data reset.
Don’t Let Scammers Steal Your Personal Information
Fake delivery scams impersonating USPS and other carriers continue surging as more commerce shifts online. Whether over text, email, or phone, their goal is always the same – gather enough of your personal data to commit identity theft and financial fraud. But staying aware of common phishing tactics like urgent demands, threats, and requests to confirm sensitive information can keep you from compromising your data and falling victim when scammers impersonate postal services and delivery companies.
How to Stay Safe Online
Here are 10 basic security tips to help you avoid malware and protect your device:
Use a good antivirus and keep it up-to-date.
It's essential to use a good quality antivirus and keep it up-to-date to stay ahead of the latest cyber threats. We are huge fans of Malwarebytes Premium and use it on all of our devices, including Windows and Mac computers as well as our mobile devices. Malwarebytes sits beside your traditional antivirus, filling in any gaps in its defenses, and providing extra protection against sneakier security threats.
Keep software and operating systems up-to-date.
Keep your operating system and apps up to date. Whenever an update is released for your device, download and install it right away. These updates often include security fixes, vulnerability patches, and other necessary maintenance.
Be careful when installing programs and apps.
Pay close attention to installation screens and license agreements when installing software. Custom or advanced installation options will often disclose any third-party software that is also being installed. Take great care in every stage of the process and make sure you know what it is you're agreeing to before you click "Next."
Install an ad blocker.
Use a browser-based content blocker, like AdGuard. Content blockers help stop malicious ads, Trojans, phishing, and other undesirable content that an antivirus product alone may not stop.
Be careful what you download.
A top goal of cybercriminals is to trick you into downloading malware—programs or apps that carry malware or try to steal information. This malware can be disguised as an app: anything from a popular game to something that checks traffic or the weather.
Be alert for people trying to trick you.
Whether it's your email, phone, messenger, or other applications, always be alert and on guard for someone trying to trick you into clicking on links or replying to messages. Remember that it's easy to spoof phone numbers, so a familiar name or number doesn't make messages more trustworthy.
Back up your data.
Back up your data frequently and check that your backup data can be restored. You can do this manually on an external HDD/USB stick, or automatically using backup software. This is also the best way to counter ransomware. Never connect the backup drive to a computer if you suspect that the computer is infected with malware.
Choose strong passwords.
Use strong and unique passwords for each of your accounts. Avoid using personal information or easily guessable words in your passwords. Enable two-factor authentication (2FA) on your accounts whenever possible.
Be careful where you click.
Be cautious when clicking on links or downloading attachments from unknown sources. These could potentially contain malware or phishing scams.
Don't use pirated software.
Avoid using Peer-to-Peer (P2P) file-sharing programs, keygens, cracks, and other pirated software that can often compromise your data, privacy, or both.
To avoid potential dangers on the internet, it's important to follow these 10 basic safety rules. By doing so, you can protect yourself from many of the unpleasant surprises that can arise when using the web.
Meet Thomas Orsolya
Thomas is an expert at uncovering scams and providing in-depth reporting on cyber threats and online fraud. As an editor, he is dedicated to keeping readers informed on the latest developments in cybersecurity and tech.
