Don’t Fall for The U.S. Customs Invalid Zip Code Text Scam

Deceptive phishing scams seem endless, each using cunning psychological tricks and technological tools to dupe unsuspecting victims. The latest is a troubling SMS-based scam impersonating U.S. Customs and claiming an invalid zip code is blocking delivery of your package. This compelling exposé will uncover everything you need to know to recognize and stop this scam.

Scam Overview

This clever scheme starts with an unsolicited text message stating U.S. Customs has detected an invalid zip code for your package, preventing it from clearing customs and delaying delivery. The text urges you to click a link to verify your address and release your “detained” parcel quickly.

However, the link leads to an extremely realistic but entirely fake USPS website built to steal your personal data and credit card information. Once scammers have your details, they use them to commit serious identity theft and financial fraud in your name.

Here’s an example of the text victims receive:

“U.S. Customs: You have a USPS parcel being cleared, due to the detection of an invalid zip code address, the parcel can not be cleared, the parcel is temporarily detained, please confirm the zip code address information in the link within 24 hours.

[Malicious Link]

Please reply with a Y, then exit the text message and open it again to activate the link, or copy the link into your Safari browser and open it. Have a great day from the USPS team!”

The message looks credible enough: it appears to come from a recognized government agency and describes a simple zip code mistake. But the grammatical errors and urgent call to action are red flags, and the consequences of clicking that link are devastating.

Victims are taken to a fake but extremely realistic USPS website. A form asks you to input personal information to “verify your identity” and mailing address to release your package. Scammers capture your name, address, phone, date of birth and more.

You’re then redirected to another convincing USPS-branded phishing page claiming you must pay a small $2-$5 “redelivery fee”. Unwitting victims enter credit card details, not realizing this hands their full financial data directly to fraudsters.

With enough information to steal your identity and make unauthorized transactions, scammers disappear without a trace, leaving victims compromised. This relatively simple scam enables serious financial and identity theft impacting countless Americans.

How the U.S. Customs Zip Code Scam Works

This scam combines psychological triggers and technical tricks in five steps to deceive victims at scale:

1. Victims Receive an Unsolicited Text

You receive a random SMS with odd writing stating U.S. Customs detected an invalid zip code for your package. It claims the issue is detaining your parcel in customs and provides a link to “verify your address”.

2. The Link Goes to a Fake USPS Site

Clicking the link leads not to a government website, but instead to an extremely convincing mock USPS site populated with the official branding, colors and messaging. This fake site is designed specifically to phish for your data.

3. You Input Personal Information

On the phishing site, victims enter personal details like full name, home address, phone, date of birth, and driver’s license number, believing this will release their stuck package. In reality, this data goes to cybercriminals.

4. The Site Redirects You to Another Fake Page

After capturing your personal information, the fake USPS site redirects to another phishing page claiming you must now pay a $2-$5 “redelivery fee”. This seems small and legitimate, deceiving you into entering full credit card details that also go to scammers.

5. Scammers Steal Your Identity and Make Fraudulent Purchases

Armed with your name, address, date of birth, phone, credit cards and other data, scammers can easily commit identity theft or make unauthorized transactions in your name costing thousands.

You never receive a package, because the entire interaction occurred on fraudulent websites designed specifically to phish your details.

What to Do If You Are Targeted

If you receive an odd text about an undelivered package from U.S. Customs, protect yourself by doing this:

  • Never click on links in messages about delayed packages. Manually open carrier websites.
  • Watch for grammatical and spelling errors which indicate scams.
  • Call U.S. Customs directly using numbers on government websites if concerned about a text.
  • Carefully check credit card and bank statements for any unauthorized charges.
  • Consider placing an initial fraud alert through one of the three credit bureaus.
  • Report scam texts to the FTC and forward to SPAM (7726) to alert your carrier.

Staying vigilant against phishing texts can prevent you from inadvertently compromising sensitive personal data to fraudsters.
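
The red flags described above can be checked mechanically. The following Python code is an added example, not part of the original article: it scores an SMS against the indicators in the quoted scam text and checks whether each link's host is usps.com or one of its subdomains. The sample messages, the .example link and the threshold of two indicators are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: usps.com is the only domain treated as legitimate for carrier links.
TRUSTED_DOMAINS = ("usps.com",)
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)

# Indicator name -> pattern, each taken from the scam text quoted in this article.
TEXT_INDICATORS = {
    "customs_and_usps_mixed": re.compile(r"u\.?s\.?\s+customs.*\busps\b", re.I | re.S),
    "zip_code_pretext": re.compile(r"invalid\s+zip\s+code", re.I),
    "deadline_pressure": re.compile(r"within\s+\d+\s+hours", re.I),
    "reply_to_activate_link": re.compile(r"reply\s+with\s+a?\s*y\b.*link", re.I | re.S),
}

def host_is_trusted(url):
    """True only if the host is a trusted domain or a real subdomain of one."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def triage_sms(body):
    """Return the sorted names of every indicator found in an SMS body."""
    hits = [name for name, rx in TEXT_INDICATORS.items() if rx.search(body)]
    # Suffix match on the parsed host, so "usps.com" appearing elsewhere in the URL does not count.
    if any(not host_is_trusted(u) for u in URL_RE.findall(body)):
        hits.append("link_off_carrier_domain")
    return sorted(hits)

def verdict(body, threshold=2):
    """'suspicious' when at least `threshold` indicators fire (threshold is an assumption)."""
    return "suspicious" if len(triage_sms(body)) >= threshold else "no_match"

# Constructed sample: the article's quoted text with a placeholder link on the reserved .example TLD.
SCAM_SAMPLE = (
    "U.S. Customs: You have a USPS parcel being cleared, due to the detection of an "
    "invalid zip code address, the parcel is temporarily detained, please confirm the "
    "zip code address information in the link within 24 hours. "
    "https://usps.com.parcel-check.example/verify "
    "Please reply with a Y, then exit the text message and open it again to activate the link"
)
# Constructed sample of a message whose only link is on the real carrier domain.
BENIGN_SAMPLE = "USPS: your package is out for delivery today. Track it at https://tools.usps.com/track"

if __name__ == "__main__":
    for label, msg in (("scam", SCAM_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(label, verdict(msg), triage_sms(msg))
```

A clean result only means none of these specific indicators matched; typing usps.com into the browser yourself remains the safe way to check a package.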

FAQ: The U.S. Customs Invalid Zip Code Text Scam

1. How does the U.S. Customs zip code scam work?

You get a text claiming customs needs to verify your zip code before releasing your detained parcel. But the link goes to a fake USPS site stealing your info.

2. What does the scam text message say?

It says: “U.S. Customs: You have a USPS parcel being cleared, due to the detection of an invalid zip code address, the parcel can not be cleared…please confirm the zip code address information in the link within 24 hours.”

3. What happens when you click the link?

You are taken to a fake USPS website asking for personal details to “fix the zip code issue”. This gives your data to scammers.

4. Should you reply to the text?

No, never reply to odd texts about mystery packages. Replying confirms your number is active for more scam messages.

5. How can you identify this as a scam?

Bad grammar, typing mistakes, a strange sending number, and requests for info via links all signal a scam. Legit USPS texts have no errors.

6. What do scammers do with your details?

They use your name, address, birth date, and card info to open fraudulent accounts or make unauthorized purchases in your name.

7. What should you do if you entered your info?

Immediately contact your bank and credit bureaus to monitor for fraud. Consider placing a credit freeze to limit damage.

8. How can you avoid this scam?

Never click links in texts about packages. Manually check statuses on usps.com. Report odd texts.

9. How can you report these phishing texts?

Forward texts to 7726 to alert your carrier. File complaints with the FTC and your state attorney general.

10. Why are these scams increasing?

Rising ecommerce shipping makes fake notices believable. Scammers leverage trusted names like USPS. Text phishing tricks more people than email.

The Bottom Line

This U.S. Customs scam has already deceived countless victims into giving up valuable personal and financial information. By pretending a simple zip code mistake is delaying delivery, scammers create an extremely believable premise. But the damaging identity theft and financial fraud that results can be devastating.

Safeguard yourself by never clicking links about packages, manually accessing carrier sites, watching for errors, and understanding common phishing tricks. Staying alert to parcel delivery scams protects you and your identity.

How to Stay Safe Online

Here are 10 basic security tips to help you avoid malware and protect your device:

  1. Use a good antivirus and keep it up-to-date.

    It's essential to use a good quality antivirus and keep it up-to-date to stay ahead of the latest cyber threats. We are huge fans of Malwarebytes Premium and use it on all of our devices, including Windows and Mac computers as well as our mobile devices. Malwarebytes sits beside your traditional antivirus, filling in any gaps in its defenses, and providing extra protection against sneakier security threats.

  2. Keep software and operating systems up-to-date.

    Keep your operating system and apps up to date. Whenever an update is released for your device, download and install it right away. These updates often include security fixes, vulnerability patches, and other necessary maintenance.

  3. Be careful when installing programs and apps.

    Pay close attention to installation screens and license agreements when installing software. Custom or advanced installation options will often disclose any third-party software that is also being installed. Take great care in every stage of the process and make sure you know what it is you're agreeing to before you click "Next."

  4. Install an ad blocker.

    Use a browser-based content blocker, like AdGuard. Content blockers help stop malicious ads, Trojans, phishing, and other undesirable content that an antivirus product alone may not stop.

  5. Be careful what you download.

    A top goal of cybercriminals is to trick you into downloading malware—programs or apps that carry malware or try to steal information. This malware can be disguised as an app: anything from a popular game to something that checks traffic or the weather.

  6. Be alert for people trying to trick you.

    Whether it's your email, phone, messenger, or other applications, always be alert and on guard for someone trying to trick you into clicking on links or replying to messages. Remember that it's easy to spoof phone numbers, so a familiar name or number doesn't make messages more trustworthy.

  7. Back up your data.

    Back up your data frequently and check that your backup data can be restored. You can do this manually on an external HDD/USB stick, or automatically using backup software. This is also the best way to counter ransomware. Never connect the backup drive to a computer if you suspect that the computer is infected with malware.

  8. Choose strong passwords.

    Use strong and unique passwords for each of your accounts. Avoid using personal information or easily guessable words in your passwords. Enable two-factor authentication (2FA) on your accounts whenever possible.

  9. Be careful where you click.

    Be cautious when clicking on links or downloading attachments from unknown sources. These could potentially contain malware or phishing scams.

  10. Don't use pirated software.

    Avoid using Peer-to-Peer (P2P) file-sharing programs, keygens, cracks, and other pirated software that can often compromise your data, privacy, or both.

To avoid potential dangers on the internet, it's important to follow these 10 basic safety rules. By doing so, you can protect yourself from many of the unpleasant surprises that can arise when using the web.