Beware of the Canadian Customs Invalid Zip Code Text Scam

Photo of author

Written by: Thomas Orsolya

Published on:

A new phishing scam has surfaced targeting unsuspecting Canadians with fraudulent text messages claiming issues delivering their parcels. The deceptive texts state invalid zip code information is preventing delivery and urge victims to click a link to verify their address. However, the link leads to a sophisticated fake Canadian Customs website designed to steal personal and financial information. This in-depth guide will uncover everything you need to know about spotting and stopping this scam.

245
Canada Post Scam

Scam Overview

This parcel delivery scam starts with an unsolicited SMS text message stating there is a problem clearing your package through Canadian Customs due to invalid zip code information. The text claims your parcel is “temporarily detained” and cannot be delivered until you confirm your full address in a provided link.

However, the link actually leads to a convincing phishing site dressed up to resemble the real Canada Post website. If victims input their personal details, this sensitive information goes directly into the hands of scammers.

Here is an example of the text message victims receive:

“Canadian Customs: You have a parcel being cleared, due to the detection of an invalid zip code address, the parcel can not be cleared, the parcel is temporarily detained, please confirm the zip code address information in the link within 24 hours.

[Malicious link]

Please reply with a Y, then exit the text message and open it again to activate the link, or copy the link into your Safari browser and open it. Have a great day from the Canada Post team!”

This message is filled with typos, grammar errors and other red flags. But the premise seems believable enough: a simple zip code mistake is holding up delivery of your package. Most recipients won’t think twice before clicking the link to correct the supposed address error.

After all, people are accustomed to receiving shipping notifications by text. And with the massive volume of parcels now shipped worldwide, an occasional customs delay seems reasonable.

But the truly devious part is what happens when you click the link. Victims are taken to an extremely realistic fake website mimicking the look and feel of the official Canada Post site. An online form asks you to enter personal details like your full name, address, phone number, date of birth and sometimes other info like credit card numbers.

Victims dutifully input their information, expecting this will release their stuck shipment. But in reality, everything they enter goes right into the fraudsters’ hands.

Armed with names, addresses, phone numbers, dates of birth and credit cards, scammers can go on an identity theft rampage. They can open fake accounts, make unauthorized purchases, access your existing accounts, or sell your information on the dark web.

This simple scam enables serious identity theft and financial fraud repercussions. And unsuspecting Canadians hand over the keys to their identity simply by trying to retrieve a non-existent package.

How the Canadian Customs Zip Code Scam Works

Fraudsters rely on a simple but extremely deceptive process to execute this scam:

Step 1. Victims Receive a Text About an Undelivered Parcel

You receive an unsolicited SMS text message stating there is a problem clearing your package through Canadian Customs due to invalid zip code information. The message says your parcel is temporarily detained and provides a link to confirm your full address.

Of course, you never ordered a package shipping from overseas. But the message seems legitimate enough, possibly just a mix-up.

Step 2. The Link Goes to a Fake Canada Post Website

You click the link, expecting to be taken to the official Canada Post website. But instead it takes you to an incredibly realistic Canada Post imposter site created by scammers. This fake site is carefully designed to mimic the real Canada Post page.

Step 3. You Input Your Personal Information

On the phishing site, a form asks you to enter personal details like your full name, address, phone number, date of birth, and sometimes credit card information – all to “correct the zip code error”.

You fill out the form, not realizing that your data is going directly to cyber criminals.

Step 4. Scammers Steal Your Personal Data to Commit Identity Theft

With your name, address, date of birth, phone number, and potentially credit card details, scammers can now commit serious identity theft and financial fraud in your name.

They may open fake accounts, make unauthorized purchases, take out loans, or sell your information on the dark web. You may only find out once the damage is done.

Step 5. You Never Receive the Package

After compromising your personal information, the scammers disappear. You never receive a package, because there was no parcel being shipped to you in the first place. The entire interaction took place on phishing sites controlled by fraudsters.

What to Do If You Are Targeted by This Scam

If you receive a suspicious text about an undelivered parcel from Canadian Customs, here are important steps to protect yourself:

  • Never click on links in unsolicited messages about delayed packages. Always go directly to the Canada Post website or app.
  • Double check the sending number. Scam texts often come from unusual numbers not registered to Canada Post.
  • Look for typos, grammar issues and writing errors. Scam messages are poorly written.
  • Verify parcel statuses directly on canadapost.ca. Don’t rely on information in random texts.
  • If concerned, call Canada Post at 1-866-607-6301 to confirm texts. Do not reply to the message.
  • Contact your bank if you entered any financial information to monitor for fraud.
  • Report scam texts to the Canadian Anti-Fraud Centre at 1-888-495-8501.

Being cautious and avoiding clicking direct links in messages can keep your personal data safe from phishing scams.

FAQ: The Canadian Customs Invalid Zip Code Text Scam

1. How does the Canadian Customs zip code scam work?

You get a text claiming a customs issue with your parcel due to an invalid zip code. It provides a link to confirm your address. But it goes to a fake Canada Post site that steals your information.

2. What does the scam text message say?

The text says: “Canadian Customs: You have a parcel being cleared, due to the detection of an invalid zip code address, the parcel can not be cleared…please confirm the zip code address information in the link within 24 hours.”

3. What happens when you click the link?

The link goes to a fake Canada Post website asking you to enter personal details to “fix the zip code error”. This gives your data to scammers.

4. Should you reply to the text?

No, never reply to suspicious texts about unsolicited packages. This confirms your number is active for more scam messages.

5. How do you tell if a parcel text is a scam?

Bad grammar, typing errors, unusual sending number, and asking for personal info via links indicate a scam. Legit Canada Post messages have no errors.

6. What do scammers do with your information?

They use your name, address, birth date, and card details to commit identity theft or make unauthorized purchases.

7. What should you do if you entered your details?

Contact your bank and credit bureaus immediately. Monitor your statements for fraudulent activity. Place a fraud alert on your credit.

8. How can you stay safe from this scam?

Never click links in odd texts about packages. Confirm statuses directly with Canada Post. Report suspicious messages.

9. How can you report these phishing texts?

Forward the texts to the Canadian Anti-Fraud Centre at 1-888-495-8501. Also report the number to your wireless provider.

10. Why are these scams increasing?

More parcel deliveries makes this ruse believable. Scammers use real branding like Canada Post to appear legitimate. Phishing by text tricks more people than email.

The Bottom Line

This parcel delivery scam has already duped countless Canadians into compromising sensitive personal and financial information. By pretending to be from Canadian Customs and claiming an easily believable issue with your address, scammers convince victims the message is legitimate. But the ensuing identity theft and financial fraud can be devastating.

Safeguard yourself by never clicking direct links in unsolicited texts, even if they appear to come from a trusted source. Taking a moment to confirm a message’s authenticity by contacting the organization directly can protect you from inadvertently handing your valuable details to cyber criminals. Stay vigilant against parcel delivery scams to keep your identity and finances safe.

How to Stay Safe Online

Here are 10 basic security tips to help you avoid malware and protect your device:

  1. Use a good antivirus and keep it up-to-date.

    Shield Guide

    It's essential to use a good quality antivirus and keep it up-to-date to stay ahead of the latest cyber threats. We are huge fans of Malwarebytes Premium and use it on all of our devices, including Windows and Mac computers as well as our mobile devices. Malwarebytes sits beside your traditional antivirus, filling in any gaps in its defenses, and providing extra protection against sneakier security threats.

  2. Keep software and operating systems up-to-date.

    updates-guide

    Keep your operating system and apps up to date. Whenever an update is released for your device, download and install it right away. These updates often include security fixes, vulnerability patches, and other necessary maintenance.

  3. Be careful when installing programs and apps.

    install guide

    Pay close attention to installation screens and license agreements when installing software. Custom or advanced installation options will often disclose any third-party software that is also being installed. Take great care in every stage of the process and make sure you know what it is you're agreeing to before you click "Next."

  4. Install an ad blocker.

    Ad Blocker

    Use a browser-based content blocker, like AdGuard. Content blockers help stop malicious ads, Trojans, phishing, and other undesirable content that an antivirus product alone may not stop.

  5. Be careful what you download.

    Trojan Horse

    A top goal of cybercriminals is to trick you into downloading malware—programs or apps that carry malware or try to steal information. This malware can be disguised as an app: anything from a popular game to something that checks traffic or the weather.

  6. Be alert for people trying to trick you.

    warning sign

    Whether it's your email, phone, messenger, or other applications, always be alert and on guard for someone trying to trick you into clicking on links or replying to messages. Remember that it's easy to spoof phone numbers, so a familiar name or number doesn't make messages more trustworthy.

  7. Back up your data.

    backup sign

    Back up your data frequently and check that your backup data can be restored. You can do this manually on an external HDD/USB stick, or automatically using backup software. This is also the best way to counter ransomware. Never connect the backup drive to a computer if you suspect that the computer is infected with malware.

  8. Choose strong passwords.

    lock sign

    Use strong and unique passwords for each of your accounts. Avoid using personal information or easily guessable words in your passwords. Enable two-factor authentication (2FA) on your accounts whenever possible.

  9. Be careful where you click.

    cursor sign

    Be cautious when clicking on links or downloading attachments from unknown sources. These could potentially contain malware or phishing scams.

  10. Don't use pirated software.

    Shady Guide

    Avoid using Peer-to-Peer (P2P) file-sharing programs, keygens, cracks, and other pirated software that can often compromise your data, privacy, or both.

To avoid potential dangers on the internet, it's important to follow these 10 basic safety rules. By doing so, you can protect yourself from many of the unpleasant surprises that can arise when using the web.

Previous

UseMyBest Crypto Scam – Our Breakdown of This Crypto Con

Next

Don’t Fall for The U.S. Customs Invalid Zip Code Text Scam