Beware the USPS ‘Mail Package in Process of Transportation Due to Damage to Outer Package’ Text Scam 

A new text message scam has emerged, in which scammers pretending to be from the United States Postal Service (USPS) send out fake alerts about damaged packages in an attempt to steal personal and financial information from victims. This scam is commonly referred to as the ‘Mail Package in Process of Transportation Due to Damage to Outer Package’ scam.

This fraudulent scheme exploits unsuspecting individuals by sending text messages that convincingly mimic legitimate USPS notifications. The messages claim that the recipient’s package has been damaged and provides a link to update delivery details. However, the link directs victims to a fake USPS website designed to steal sensitive data.

In this comprehensive article, we will uncover everything you need to know about how this USPS text scam operates, including:

  • An in-depth overview explaining this scam
  • A step-by-step walkthrough of how the scam works
  • What to do if you fall victim to this scheme
  • The implications and seriousness of this scam

Read on to learn how to protect yourself and your loved ones from this USPS text scam.

Mail Package in Process of Transportation Due to Damage to Outer Package scam

Scam Overview – How The USPS Mail Package in Process of Transportation Due to Damage to Outer Package Text Scam Operates

The ‘Mail Package in Process of Transportation Due to Damage to Outer Package’ scam is a prime example of a phishing scam executed via text message, also known as SMS phishing or ‘smishing’.

Smishing scams use the ubiquity of text messaging to cast a wide net for potential victims. Positing as well-known brands like USPS, scammers send messages en masse hoping to catch recipients off guard and trick them into giving up personal information.

In this scam, the text message is made to look like an official USPS alert regarding a damaged package. The message states that critical address details have been lost and provides a link to update delivery details within 12 hours.

An example message reads:

“USPS mail package in the process of tranportation, due to damage to the outer package, adress information is lost, can not be delivered. Please be sure to update the delivery adress information in the link within 12 hours. https://usps.postoal.com (Please reply Y, then exit the SMS, re-open the SMS actionation link, or copy the link to open in Safari) The USPS team wishes you a great day!”

The link leads to a fake website styled to look nearly identical to the official USPS site. On this fraudulent site, victims are prompted to enter personal details like their name, address, and phone number under the guise of redelivery due to a previous delivery failure.

In reality, the scammers have no relation to USPS and no knowledge of any packages. Their aim is to collect and exploit personal information for criminal activity like identity theft.

This scam takes advantage of a few key factors:

  • The ubiquity of USPS – Most Americans regularly send and receive packages through USPS, so an alert about a missing or damaged package seems plausible.
  • Urgency – The message imparts urgency by stating that the recipient has a short window (e.g. 12 hours) to update details before the package is returned. This pressures victims to click the link and provide information without thinking.
  • Brand familiarity – The USPS logo and branding is highly recognizable, making the fake site look credible.
  • Personalization – Using real brand names and logos tricks the recipient into believing the message comes from a trusted source.

Once scammers acquire victims’ personal information, they leverage it to commit identity fraud or sell it on the dark web. The data enables criminals to open fraudulent accounts, take out loans, file false tax returns, steal government benefits, and more.

Beyond identity theft, some variants of this scam also aim to steal financial details. After collecting personal info, the fake site requests credit card information under the guise of a small redelivery fee. In actuality, the scammers use these details to make unauthorized transactions and steal funds.

Because this scam relies heavily on deceiving unwitting recipients, awareness is the best defense. Understanding common tactics like urgency and impersonation allows individuals to recognize fraudulent messages and avoid being exploited.

How the Mail Package in Process of Transportation Due to Damage to Outer Package Scam Works

Now that you understand the basic overview, let’s break down exactly how scammers execute the ‘Mail Package in Process of Transportation Due to Damage to Outer Package’ text scam from start to finish:

Step 1: Scammers Obtain Victims’ Phone Numbers

The first step for scammers is acquiring a list of phone numbers to target with their scam text messages.

They get these phone numbers through a few different methods, including:

  • Purchasing stolen data on the dark web – Massive databases with millions of phone numbers are available for sale on black market sites. Scammers purchase this data to blast out scam texts.
  • Phishing for phone numbers – Scammers may use other phishing schemes to gather phone numbers, like sending fake account verification texts instructing victims to reply with their number.
  • Utilizing phone number generating tools – Certain tools can generate valid phone numbers in a chosen area code and prefix, allowing scammers to blanket a region with messages.
  • Buying phone lists from legitimate sources – Some scammers simply purchase phone lists from data brokers, avoiding illegal routes. As long as the data is collected lawfully, this is allowed.

Regardless of sourcing method, the scammers’ goal is to acquire as many valid mobile numbers as possible to maximize their victim pool.

Step 2: Scammers Send a Fraudulent USPS Text

Using the collected phone numbers, scammers send out mass text messages styled as official package alerts from USPS.

As outlined in the overview, these texts inform recipients that there is damage to their package and the delivery address is lost. A link is provided to supposedly update their address and ensure proper delivery.

These messages are designed to look authentic, featuring USPS branding and logos. Scammers use a variety of tactics, like sender ID spoofing, to make the texts appear to come from a legitimate USPS number rather than an anonymous account.

The goal is to convince recipients the message is from USPS so they believe the supposed “package issue” is real. By impersonating a trusted entity, scammers hope victims will let their guard down and engage with the provided link.

Step 3: Victims Click the Link to the Fake USPS Site

If recipients believe the text is real, they will likely click the link hoping to remedy the described “delivery issue” for their package.

However, the link actually directs them to a bogus website instead of the real USPS site.

This fake domain is carefully designed to look practically identical to the official USPS webpage. The scammers use USPS branding, colors, fonts, headers, photos, and more to make the site look as realistic as possible.

The point is that victims should not be able to discern that they have been directed anywhere besides the legitimate Postal Service website. At a glance, the fake site mirrors the real one to stop recipients from realizing something is amiss.

Step 4: Victims Enter Personal Information on the Fake Site

Once on the fake website, victims are greeted with another page reiterating the supposed package delivery failure described in the initial text.

Scammers will use photos of damaged boxes or packages to further sell the ruse. The page instructs recipients to enter their personal details in order to get their package properly delivered.

Fields are provided prompting victims to enter information like:

  • Full name
  • Home address
  • Phone number
  • Email address

Victims are led to believe this is standard procedure for redelivering a damaged parcel. However, in reality the scammers have no association with USPS and no knowledge of any packages needing delivery.

The fake site is simply a front to illegally collect personal data for criminal purposes. Unfortunately, unsuspecting victims hand over this sensitive information, believing the request and website to be genuine.

Step 5: Scammers Request Credit Card Information

In some variations, scammers take the scam one step further after collecting personal data. The fake USPS site prompts users to enter credit card information to pay a small “redelivery fee”.

Of course, no such fee exists, and victims are handing directly over to fraudsters. Even a small charge of $0.30 or $5 is enough for scammers to validate the stolen card details, which they leverage to make unauthorized transactions.

While losing a few dollars may seem minor, victims’ credit card information is now in the hands of criminals to be misused or sold on the black market. This can lead to serious financial fraud and headaches for the victim trying to lock down their account.

Step 6: Scammers Disappear with Users’ Information

Once scammers have victims’ personal details, credit card info, or both, they immediately disconnect from the interaction.

The fake site is quickly disbanded or altered to focus on new victims. And any replies to the original scam text will go unanswered.

Armed with names, addresses, phone numbers, emails, and potentially credit card data, the scammers now possess everything they need to exploit victims through identity theft and financial fraud.

Step 7: Scammers Leverage Stolen Information for Personal Gain

With users’ details in hand, scammers exploit the data in a variety of illegal ways, including:

  • Selling on the dark web – Personal and financial information is in high demand on black market sites, fetching good prices. Scammers sell stolen data to identity thieves and other cybercriminals.
  • Committing identity theft – Scammers use names, addresses, and birthdays to open fraudulent accounts in victims’ names. This includes credit cards, loans, tax filing, and government benefits.
  • Making unauthorized transactions – Any stolen credit card details are used to make purchases online or digitally transferred to the scammers’ accounts. Even small charges can add up, especially with the volume of victims scammed.
  • Launching secondary scams – Contact info like emails and phone numbers enable scammers to target victims for additional phishing scams and social engineering attacks.
  • Strengthening future attacks – Info like names, numbers, and emails helps scammers craft more convincing fake sites and messages for future victims. Specific details make scams more believable.

The extent of damage inflicted depends on the specific information collected from each victim. But the potential impacts range from damaged credit to financial account hijacking to medical identity theft if health insurance details are compromised.

Scammers are willing to exploit victims endlessly for profit. A single scam spreading widely nets scammers valuable data on thousands of individuals to misuse however they please. This is why falling for text scams enables extensive criminal activity.

How to Spot This USPS Text Scam

While this scam is designed to look authentic, there are a few key signs that can help you identify this fraudulent SMS message:

  • Generic greetings – Authentic companies will address you directly by name in messages, whereas scams tend to use generic greetings like “Dear customer”.
  • Sense of urgency – Messages imparting urgency or limited time frames are common in phishing scams to get you to act without thinking. Legitimate delivery alerts generally don’t demand immediate action.
  • Suspicious links – Hover over or long press on any links to preview the actual URL. Fake sites will try to mimic real URLs.
  • Requesting personal information – USPS and other shippers don’t ask for personal details like your Social Security Number over text. This is a major red flag.
  • Threats or consequences – Scare tactics threatening non-delivery of your package or penalties aim to make you comply with demands.
  • Spelling and grammar errors – While scams are getting more sophisticated, subtle mistakes can still signal a fraudulent message.
  • Incorrect package details – If the text references a package you didn’t order or provides the wrong tracking number, it’s definitely a scam.
  • Follow your gut – If a text just seems “off” or makes you uncomfortable, trust your instincts and delete it. Don’t talk yourself into clicking anything risky.

When in doubt, contact USPS directly through their official website or verified customer service lines to ask about any suspect texts. And never click links or provide personal or financial details via unsolicited messages.

What to Do If You Fall Victim to This Scam

If you receive a suspicious text from USPS and end up clicking the link or providing any personal or financial information, stay calm but act quickly. Here are the steps to take if you fall victim to this scam:

1. Contact USPS

Notify USPS by calling 1-877-876-2455 and reporting fraudulent use of their branding, including any fake texts or websites. Provide them details like the scam message, sender number, and web addresses used.

USPS may be able to shut down or block reported scam phone numbers and sites. They keep records of complaints about scams impersonating their brand, which assists them in pursuing legal action against perpetrators.

2. Alert Your Bank

If you provided any credit card or bank account information, immediately call your financial institution to report unauthorized access. Request that they block your debit or credit card to prevent fraudulent charges.

Financial providers can monitor your accounts closely for suspicious activity and help protect you from monetary losses through fraudulent transactions made in your name.

3. Change Account Passwords

Scammers may attempt to access your online accounts if they have your email or other login credentials. Reset the passwords on all of your online accounts, including email, social media, retail sites, and financial platforms.

Use strong unique passwords for each account. Enable two-factor authentication wherever possible for an added layer of security on logins.

4. Place a Fraud Alert

To protect yourself from potential identity theft, place an initial 90-day fraud alert with one of the three credit bureaus – Equifax, Experian, or TransUnion. This signals creditors to monitor your reports for suspicious activity.

To extend protection, you can place a 7-year fraud alert or credit freeze to fully lock down your credit reports and prevent scammers from opening new accounts in your name.

5. Monitor Accounts Closely

Carefully review your financial statements and account notices over the next few months to spot any signs of fraudulent activity. Report any unknown charges or accounts opened without your authorization.

Ongoing monitoring protects you from additional damages if scammers do misuse your information. Be vigilant to limit your losses from the scam.

6. File a Police Report

Reporting the scam to your local law enforcement creates an official record in case your information is used nefariously. Having a police report can also help if you need to dispute fraudulent charges or accounts with lenders.

While rare, scammers may even be tracked down based on victims’ reports – so alerting the authorities could potentially stop these criminals from scamming others.

By promptly taking these actions, you can contain the damage from any personal data you unfortunately provided scammers. Protect yourself by acting quickly and remaining alert in the aftermath of falling for this scam.

Here is a detailed SEO optimized FAQ section about the ‘USPS Mail Package in Process of Transportation Due to Damage to Outer Package’ text scam:

Frequently Asked Questions About the USPS Text Scam

1. What is the “USPS Mail Package in Process of Transportation Due to Damage to Outer Package” text scam?

This is a scam where victims receive a text message claiming to be from USPS stating that a package is damaged and the delivery address is lost. The message provides a link to supposedly update your address. However, it actually directs victims to a fake USPS website to steal personal and financial information.

2. What does the scam text message say?

The text will say something like:

“USPS: Your mail package is in the process of transportation but has been damaged. Address information is lost and cannot be delivered. Please update delivery address info ASAP by clicking here: [Malicious Link]”

3. What happens if you click the link in the text?

The link goes to a fake website pretending to be the official USPS site. You will be prompted to enter personal details like your name, address, phone number, and potentially credit card information under the guise of redelivering your “damaged” package.

4. How do you tell the site is fake?

While made to look official, subtle signs like a slightly different URL or web layout can signal a fake site. But scammers are making sites appear more authentic. When in doubt, type in usps.com directly rather than clicking links in messages.

5. What do the scammers do with your information?

Scammers use your details for identity theft, selling it on the dark web, committing financial fraud, launching additional scams, and more criminal activity. Even small amounts of data can facilitate serious fraud.

6. What should you do if you click the link or provide information?

  • Contact USPS to report the scam
  • Alert your bank if you shared financial information
  • Change account passwords and enable two-factor authentication
  • Place a fraud alert and monitor your credit reports
  • File a police report to have a record if identity theft occurs

7. How can you avoid this USPS text scam?

  • Never click links in unsolicited texts from unknown numbers. Manually type in web addresses.
  • Ignore any requests for personal or financial data over text.
  • Verify odd package notifications directly with USPS before taking action.
  • Utilize spam call and text blocking tools.
  • Carefully check for subtle signs of spoofing on sites.

8. How widespread is this scam?

This scam has been reported nationwide as scammers blast out texts to random numbers. Any cell phone user could potentially receive this USPS scam text. Elderly individuals may be particularly vulnerable.

9. Are there other common delivery or package scams?

Yes, scammers also send fake texts and emails posing as FedEx, DHL, Amazon, and other delivery companies. Any unexpected tracking updates or shipping issues should be verified by calling the company directly.

10. What should you do if you receive this scam text?

If you get this text, do not interact with the link or sender. Take screenshots of the message and report it to USPS on their official website or by calling 1-877-876-2455. Then delete the text immediately.

The Bottom Line

The ‘Mail Package in Process of Transportation Due to Damage to Outer Package’ USPS text scam relies on impersonating trusted entities and conveying urgency to trick unwitting victims. By providing a fake shipping crisis, scammers manipulate users into handing over valuable personal and financial data.

This scam is just one among many fraudulent schemes that leverage SMS messaging, email, and websites to steal information. Cypercriminals get more creative each day in order to exploit individuals and commit identity theft.

But through education on common tactics and best practices, citizens can equip themselves to recognize scams and avoid compromising sensitive data. When in doubt, reach out to companies directly rather than trusting unsolicited messages.

By exercising caution online and with mobile communications, users can protect themselves and render these criminal operations ineffective. Public awareness regarding phishing techniques represents a major barrier to scammers’ success and disruption of innocent lives.

How to Stay Safe Online

Here are 10 basic security tips to help you avoid malware and protect your device:

  1. Use a good antivirus and keep it up-to-date.

    Shield Guide

    It's essential to use a good quality antivirus and keep it up-to-date to stay ahead of the latest cyber threats. We are huge fans of Malwarebytes Premium and use it on all of our devices, including Windows and Mac computers as well as our mobile devices. Malwarebytes sits beside your traditional antivirus, filling in any gaps in its defenses, and providing extra protection against sneakier security threats.

  2. Keep software and operating systems up-to-date.

    updates-guide

    Keep your operating system and apps up to date. Whenever an update is released for your device, download and install it right away. These updates often include security fixes, vulnerability patches, and other necessary maintenance.

  3. Be careful when installing programs and apps.

    install guide

    Pay close attention to installation screens and license agreements when installing software. Custom or advanced installation options will often disclose any third-party software that is also being installed. Take great care in every stage of the process and make sure you know what it is you're agreeing to before you click "Next."

  4. Install an ad blocker.

    Ad Blocker

    Use a browser-based content blocker, like AdGuard. Content blockers help stop malicious ads, Trojans, phishing, and other undesirable content that an antivirus product alone may not stop.

  5. Be careful what you download.

    Trojan Horse

    A top goal of cybercriminals is to trick you into downloading malware—programs or apps that carry malware or try to steal information. This malware can be disguised as an app: anything from a popular game to something that checks traffic or the weather.

  6. Be alert for people trying to trick you.

    warning sign

    Whether it's your email, phone, messenger, or other applications, always be alert and on guard for someone trying to trick you into clicking on links or replying to messages. Remember that it's easy to spoof phone numbers, so a familiar name or number doesn't make messages more trustworthy.

  7. Back up your data.

    backup sign

    Back up your data frequently and check that your backup data can be restored. You can do this manually on an external HDD/USB stick, or automatically using backup software. This is also the best way to counter ransomware. Never connect the backup drive to a computer if you suspect that the computer is infected with malware.

  8. Choose strong passwords.

    lock sign

    Use strong and unique passwords for each of your accounts. Avoid using personal information or easily guessable words in your passwords. Enable two-factor authentication (2FA) on your accounts whenever possible.

  9. Be careful where you click.

    cursor sign

    Be cautious when clicking on links or downloading attachments from unknown sources. These could potentially contain malware or phishing scams.

  10. Don't use pirated software.

    Shady Guide

    Avoid using Peer-to-Peer (P2P) file-sharing programs, keygens, cracks, and other pirated software that can often compromise your data, privacy, or both.

To avoid potential dangers on the internet, it's important to follow these 10 basic safety rules. By doing so, you can protect yourself from many of the unpleasant surprises that can arise when using the web.