Exposed: The “USPS Package Returned” Scam Texts Explained

Have you received a text message recently stating your USPS package was returned to the center due to an unclear address? If so, you may have been targeted by a new scam making the rounds.

This article will explain everything you need to know about the “USPS package returned” scam texts, including how to identify them, how the scam works, and most importantly, how to protect yourself.

USPS Scam 1

What is the USPS Package Returned Scam?

This scam starts with victims receiving a text message claiming to be from USPS. The message states something along the lines of:

“Delivery failure notification: Your USPS package returned to the center because of an unclear address. Please review your details promptly within 12 hours: [malicious link] Once confirmed, the package will be back out for delivery. Your cooperation is appreciated.”

The text appears to come from a genuine USPS number. When victims click the link, it takes them to a fake USPS website that mimics the look of the real USPS site.

9300120111410471677883 USPS Scam

On the phishing site, victims are prompted to enter personal details like full name, date of birth, phone number, and home address to “verify their mailing address” and release the package. After submitting the info, they are redirected to another page asking for credit card details to pay a small “redelivery fee.”

In reality, the entire process is a scam to steal personal and financial information. The texts are sent by scammers impersonating USPS, and the site is fraudulent.

How the USPS Package Returned Scam Works

Here is a step-by-step breakdown of how the “USPS package returned” scam operates:

Step 1: Victims Receive a Phishing Text

The scam starts with a text message sent to the victim’s phone number. The message is crafted to appear as if it’s from USPS, using a 10-digit number similar to a local post office.

The text notification states that a package intended for the victim was returned to the USPS center because of an “unclear address.” It provides a link to “review your details” and get the package sent back out for delivery.

Step 2: Victims Click the Link to a Fake USPS Site

When victims click the link in the text, it takes them to a website designed to mimic the look of the official USPS site. The URL may be slightly different or have additional words, but it’s easy to mistake as legitimate.

The site has the USPS logo and branding, and claims to be the “Address Verification” page. This tricks victims into thinking they’re on the real USPS site.

Step 3: Victims Input Personal Information

On the phishing site, victims are prompted to enter personal details to “verify their mailing address.” A form requests info like full name, phone number, date of birth, and home address.

Sometimes it even asks for your Social Security Number, driver’s license number, or passport number. Victims provide the sensitive data thinking it’s required to release their returned package.

Step 4: Victims are Redirected to Another Fake Page

After submitting their personal info, victims are redirected from the address verification page to another mock USPS site. This one states that there is a small “redelivery fee” required to get the package shipped back out.

The page requests credit card details, asking victims to pay a charge of usually $2-$5. This nominal fee makes the scam seem harmless.

Step 5: Scammers Steal Personal and Financial Information

Unfortunately, the entire process has been carefully orchestrated by scammers. By inputting details on the fake sites, victims directly hand over personal information, financial data, and credit card numbers to scammers.

The scammers then leverage this info to commit identity theft or make fraudulent purchases with the credit cards. Meanwhile, victims never receive any package.

What Information Do Scammers Obtain?

Through the detailed process, scammers are able to gradually collect a shocking amount of personal and financial information. This includes:

  • Full Name – Victims enter their first and last name on the initial address verification form.
  • Phone Number – The verification form requests your phone number, which can be used for further scams.
  • Home Address – Your street address is also required on the form, providing your location.
  • Email Address – Some forms ask for your email address in addition to other data.
  • Date of Birth – Your DOB helps scammers commit identity fraud.
  • Driver’s License or Passport – Some forms request scans or photos of your ID documents.
  • Social Security Number – SSNs are sometimes requested and extremely valuable to identity thieves.
  • Credit Card Number – The redelivery payment page obtains your full credit card number, security code, and expiration date.

With this data, scammers have all they need to steal your identity, make fraudulent purchases, or sell your information on the dark web. It enables a wide range of cybercrimes well beyond just credit card fraud.

Why Do Victims Fall For This Scam?

There are a few reasons this USPS package scam manages to deceive victims:

  • Texts appear to come from a legit USPS number – Spoofing software allows scammers to make fake texts look like they’re from local post office numbers. This makes the message seem authentic.
  • Criminals impersonate a trusted source – USPS is a known, trusted entity. Victims let their guard down thinking the message is from a valid organization.
  • It pressures urgent action – The text states you must review details within 12 hours or the package can’t be delivered. This pressures victims to act fast without thinking it through.
  • The website looks real – Using USPS branding and logos, the sites successfully pass as the actual USPS site at first glance.
  • It requests only minor payment – The small $2-$5 redelivery fee seems harmless and worth it to receive your package. This obscures the scam.
  • It plays upon expectation – Victims likely don’t expect USPS to scam them. When they’re expecting a real package, this scam seems valid.

5 Ways to Identify the USPS Package Returned Scam

While the scam can seem convincing, there are several indicators you can watch for to identify and avoid it:

1. Incorrect Grammar or Spelling

While scammers try to impersonate USPS, the texts often contain typos, grammatical errors, or wrong wording. Real USPS messages would be flawless.

2. Unknown Senders

Your phone may show the texts are from unknown or unverified numbers rather than official USPS shortcodes.

3. Suspicious Links

Hover over the link on your phone without clicking, or copy it into a browser to see the actual website instead of the disguised link text. The full malicious URL will be exposed.

4. Page Inconsistencies

Look for misspellings, different fonts, or other subtle differences indicating a fake site instead of the legitimate usps.com.

5. Requests for Sensitive Information

USPS would never request your Social Security Number, date of birth, passport number, or other sensitive data simply for mailing address verification.

What to Do If You Receive This Scam Text

If you get a suspicious text claiming your USPS package was returned, here are the steps to take:

  • Do NOT click any links – This could download malware or expose you to the phishing site.
  • Report the Number – Forward the text to SPAM (7726) to report it to your carrier. You can also report texts directly to USPS online.
  • Delete the Message – Delete the scam text immediately to remove it from your phone.
  • Never Provide Personal Information – Do not provide any personal, financial, or identity information to the scammers.
  • Change Passwords – If you did enter info, change passwords on any accounts that use that data.
  • Watch for Fraudulent Charges – If you entered payment info, watch for unauthorized transactions and alert your bank.
  • Sign Up For Credit Monitoring – Enroll in a credit monitoring service to detect any misuse of your personal information.

What to Do If You Already Fell For the Scam

If you already provided data or paid money to the phishing site, take these steps immediately to limit damages:

  1. Alert Your Bank – If you paid with a debit or credit card, contact your bank to report the charges as fraudulent.
  2. Cancel Your Card – Assume the number is compromised. Request to cancel your current card and have a new one issued.
  3. Freeze Credit Reports – Place a credit freeze on your reports to block criminals from opening accounts.
  4. Reset Account Passwords – Change the passwords and security questions/answers for all of your online accounts.
  5. Place Fraud Alerts – Set up fraud alerts with the credit bureaus to detect any attempts at identity theft.
  6. Review Credit Reports – Order free copies of your reports to check for inquiries or accounts you don’t recognize.
  7. File Police Reports – File police reports regarding the identity theft and provide copies to banks and credit bureaus.
  8. Report Identity Theft – Submit an FTC identity theft report and get an identity theft recovery plan.
  9. Consider a Credit Lock – Ask the credit bureaus to place a credit lock on your file with a PIN only you know.

How to Avoid Falling For Similar Scams

While this specific scam impersonates USPS, there are ways to avoid falling for many similar phishing and smishing (text message phishing) scams:

  • Watch for poor spelling/grammar – Legitimate businesses will not send poorly-worded messages with glaring errors.
  • Independently verify suspicious texts – Do not call numbers or visit websites provided in suspicious texts. Locate official contact info to verify.
  • Avoid clicking embedded links – Never click links in unexpected texts or emails. Manually type the website into your browser.
  • Don’t trust Caller ID – Scammers spoof legitimate business numbers. Verify the identity of callers before providing personal information over the phone.
  • Install antivirus software – Antivirus software can detect and block phishing websites and texts. Apps like Robokiller block spam texts.
  • Set up multi-factor authentication – Require an additional verification step before your accounts can be accessed from new devices.
  • Limit personal info shared online – Be wary of oversharing personal details publicly or online that could facilitate identity theft.
  • Check expectations vs. reality – Ask yourself whether the scenario makes sense. Would the business really operate this way? Question discrepancies.

Here are detailed FAQs for the USPS package return scam, optimized for SEO and search ranking:

Frequently Asked Questions About the USPS Package Returned Scam

1. What is the USPS package returned scam?

The USPS package returned scam is a phishing scam where victims receive a text message claiming that a package was returned to the USPS center because of an “unclear address”. The message contains a link to a fake USPS website that prompts victims to enter personal information under the guise of verifying their mailing address in order to have the package redelivered. After submitting data, victims are redirected to another fake page and asked to pay a small redelivery fee. In reality, the sites are fraudulent and designed to steal financial and identity information.

2. What does the scam text message say?

The phishing text message is designed to look like an official USPS notification. It typically states something like:

“Delivery failure notification: Your USPS package returned to the center because of an unclear address. Please review your details promptly within 12 hours: [malicious link] Once confirmed, the package will be back out for delivery. Your cooperation is appreciated.”

3. What happens if you click the link in the text message?

If you click the link, you will be redirected to a fake website pretending to be the USPS site. The scam website has an address verification form that asks victims to input personal details like your full name, date of birth, phone number, home address, driver’s license details, and sometimes even your SSN. These details will go directly to scammers.

4. How much is the redelivery fee on the second fake page?

After filling out information, you are redirected to another scam USPS page stating you must pay a small fee for redelivery, typically $2-$5. This nominal fee makes the scam seem harmless. However, the page is fraudulent and used to steal your credit card information.

5. What are examples of personal information requested?

The scam collects a shocking amount of personal and financial data including:

  • Full name
  • Phone number
  • Home address
  • Email address
  • Date of birth
  • Social Security Number
  • Driver’s license details
  • Credit card number

6. What do scammers do with my information if I fall for the scam?

Scammers use your information for activities like:

  • Stealing your identity and committing identity fraud
  • Making unauthorized purchases with your credit card
  • Accessing and draining your bank accounts
  • Opening fraudulent accounts or getting loans in your name
  • Selling your details on the dark web

7. Why do people fall victim to the USPS package return scam?

There are several reasons the scam succeeds in deceiving victims:

  • Texts appear to come from a valid USPS number
  • Scammers convincingly impersonate USPS
  • Urgent wording pressures quick action
  • Fake sites closely mimic the real USPS website
  • Small redelivery fee seems legitimate
  • Victims don’t expect USPS to scam them

8. How can I identify the USPS package returned scam?

Watch for:

  • Grammatical errors and typos
  • Unknown sender phone numbers
  • Suspicious or invalid links
  • Subtle differences from official USPS site
  • Requests for unnecessary personal info

9. I got the scam text. What should I do now?

If you receive the text:

  • Do not click any links
  • Report the number that texted you
  • Delete the scam text to remove it
  • Do not provide any personal information
  • Watch for fraudulent charges

10. I already entered my details. What steps should I take?

If you provided scammers your information:

  • Contact your bank if you paid anything
  • Cancel any compromised cards
  • Place credit freezes and fraud alerts
  • Reset all account passwords
  • Monitor your credit reports and accounts

The Bottom Line on the USPS Package Returned Scam

This scam can seem convincing thanks to spoofed numbers, urgent wording, and lookalike websites. But awareness of its tactics makes it possible to detect and avoid. Don’t let scammers rush you into providing personal or financial data. Verify things independently and watch for red flags.

If targeted by this scam, cut off contact immediately. Never submit information or payments. Report the scam texts to USPS and your mobile carrier, then take steps to protect your identity and accounts in case you did fall victim. Remaining vigilant for similar scams in the future will keep you protected.

How to Stay Safe Online

Here are 10 basic security tips to help you avoid malware and protect your device:

  1. Use a good antivirus and keep it up-to-date.

    Shield Guide

    It's essential to use a good quality antivirus and keep it up-to-date to stay ahead of the latest cyber threats. We are huge fans of Malwarebytes Premium and use it on all of our devices, including Windows and Mac computers as well as our mobile devices. Malwarebytes sits beside your traditional antivirus, filling in any gaps in its defenses, and providing extra protection against sneakier security threats.

  2. Keep software and operating systems up-to-date.

    updates-guide

    Keep your operating system and apps up to date. Whenever an update is released for your device, download and install it right away. These updates often include security fixes, vulnerability patches, and other necessary maintenance.

  3. Be careful when installing programs and apps.

    install guide

    Pay close attention to installation screens and license agreements when installing software. Custom or advanced installation options will often disclose any third-party software that is also being installed. Take great care in every stage of the process and make sure you know what it is you're agreeing to before you click "Next."

  4. Install an ad blocker.

    Ad Blocker

    Use a browser-based content blocker, like AdGuard. Content blockers help stop malicious ads, Trojans, phishing, and other undesirable content that an antivirus product alone may not stop.

  5. Be careful what you download.

    Trojan Horse

    A top goal of cybercriminals is to trick you into downloading malware—programs or apps that carry malware or try to steal information. This malware can be disguised as an app: anything from a popular game to something that checks traffic or the weather.

  6. Be alert for people trying to trick you.

    warning sign

    Whether it's your email, phone, messenger, or other applications, always be alert and on guard for someone trying to trick you into clicking on links or replying to messages. Remember that it's easy to spoof phone numbers, so a familiar name or number doesn't make messages more trustworthy.

  7. Back up your data.

    backup sign

    Back up your data frequently and check that your backup data can be restored. You can do this manually on an external HDD/USB stick, or automatically using backup software. This is also the best way to counter ransomware. Never connect the backup drive to a computer if you suspect that the computer is infected with malware.

  8. Choose strong passwords.

    lock sign

    Use strong and unique passwords for each of your accounts. Avoid using personal information or easily guessable words in your passwords. Enable two-factor authentication (2FA) on your accounts whenever possible.

  9. Be careful where you click.

    cursor sign

    Be cautious when clicking on links or downloading attachments from unknown sources. These could potentially contain malware or phishing scams.

  10. Don't use pirated software.

    Shady Guide

    Avoid using Peer-to-Peer (P2P) file-sharing programs, keygens, cracks, and other pirated software that can often compromise your data, privacy, or both.

To avoid potential dangers on the internet, it's important to follow these 10 basic safety rules. By doing so, you can protect yourself from many of the unpleasant surprises that can arise when using the web.