Scams and frauds targeting unsuspecting victims through text messages have been on the rise in recent years. One such scam that has emerged involves a fraudulent text message that claims to be from the United States Postal Service (USPS) stating that a package cannot be delivered due to an incomplete address. This “USPS Incomplete Address” text message scam aims to trick recipients into clicking on a malicious link that can lead to identity theft, stolen financial information, or device infiltration with malware.
In this comprehensive guide, we will provide an in-depth look at how the USPS “Incomplete Address” text scam works, what you should do if you receive such a suspicious message, and how to best protect yourself moving forward.
Overview of the USPS “Incomplete Address” Text Scam
The USPS “Incomplete Address” scam message will generally appear as follows:
“The USPS package has arrived at the warehouse and cannot be delivered due to incomplete address information. Please confirm your address in the link within 12 hours.
usps.usspls.com
The US Postal team wished you a wonderful day.”
This message is designed to instill a sense of urgency in the recipient to click the link and provide the requested information as soon as possible. Scammers use this tactic to get users to act rashly before thoroughly vetting the message source and links.
However, legitimate organizations like USPS will never send unsolicited messages requesting personal information over text. Any communication from USPS would come through official channels only after you initiate contact.
This scam message is a classic example of smishing – phishing attempts executed through SMS text messaging. The goal is to impersonate a trusted entity like USPS to trick users into giving up sensitive data that can then be used for identity theft and financial fraud.
The link included in the text does not lead to any official USPS site. Instead, it goes to a fraudulent website impersonating USPS and designed to steal login credentials, personal info, or install malware.
According to USPS, these fake “incomplete address” texts have been reported in dozens of states, with links using a variety of bogus domains. This indicates the work of larger criminal scam networks casting a wide net to ensnare as many victims as possible.
Common Variations of the Scam Message
While the core scam remains the same, cybercriminals may tweak the exact wording of these USPS smishing texts to improve their odds. Some other common variations include:
- “Your postal package has arrived at distribution center and cannot be delivered to you due to incomplete delivery address information. Please complete your shipping address by clicking on the link below within 24 hours.”
- “Your USPS parcel is on hold because of an address issue. Confirm your full address now or the parcel will be returned.”
- “We were unable to deliver your package because the address provided was incorrect. Please click here to confirm your information so we can deliver your package: http://uspseverify.com.”
- “Your package has arrived but the address you provided doesn’t match our records. Please verify your information here to avoid return. http://usps-verify.com.”
The core red flags remain across all versions – mentioning a parcel delivery problem, asking for address confirmation, and inclusion of a dubious link. As long as these elements are present, recipients should treat the message as an attempted scam.
Delivery Problem Scams Remain a Popular Attack Vector
While this USPS scam is a more recent threat, delivery problem scams have been around for years and continue to be used widely by scammers due to their effectiveness. Some other examples include:
- FedEx delivery problem scams
- DHL delivery issue scams
- Amazon missed delivery scams
- UPS label expired/undelivered parcel scams
Cybercriminals exploit the ubiquitous nature of package deliveries now and the anxiety people feel if a delivery goes wrong. By impersonating major shipping companies and crafting urgent, problem-solving messages, scammers play on these fears to get users to click without thinking first.
The high success rates mean delivery scams aren’t going anywhere. And with so many now occurring over SMS, they can be harder to identify as malicious. This makes awareness of the latest examples – like the USPS incomplete address scam – so important.
How the USPS “Incomplete Address” Scam Works
Now that we’ve looked at the overview, let’s break down step-by-step how scammers leverage this scam to compromise targets:
1. Victims Receive a Convincing USPS Smishing Text
The scam starts with targets receiving an unsolicited text message that appears to come from the US Postal Service. The message is modeled on legitimate shipping notifications people often receive, but states there is an address issue preventing delivery.
The text includes an ominous warning that the package will be returned or the order canceled if the problem isn’t resolved immediately. This creates a sense of urgency to act fast.
And the message comes from an SMS short code or 10-digit number that looks like it could be a legitimate USPS notification system. Combined, these tactics make the message appear credible on the surface.
2. The Text Prompts Recipients to Click a Link to Fix the Issue
After establishing a scenario where urgent action is required, the scam message provides a solution that seems logical – click a link to confirm or correct your address information.
The link uses a fake but believable domain name like “usps-verify.com” or “uspsparcelonhold.com.” This adds legitimacy compared to a glaringly sketchy link.
The scammers are relying on the recipient being worried about a lost package and rushing to get it delivered. This fear overwhelms critical thinking that would normally identify this as a scam.
3. Users Click the Link Which Sends them to a Phishing Site
When recipients click the link on their mobile device, it does not direct them to any official USPS site. Instead, it sends them to a sophisticated phishing website that mimics a USPS domain.
The site is carefully designed to look identical to the real USPS, featuring official branding, images, web design, and domain styling. This further lowers any suspicions.
Without realizing they are on a scam website, victims will then try to resolve the address issue in good faith.
4. The Fake USPS Site Asks Users to Enter Personal Information
The phishing site contains a form requesting personal details to confirm or update the delivery address – often saying this is needed before the package can ship.
Information commonly requested includes full name, physical address, phone number, email address, and sometimes additional info like ZIP code or Social Security number.
Since the website looks legitimate, victims diligently enter the details without realizing their sensitive data is going directly to scammers.
5. Scammers Collect Entered Information for Identity Theft and Fraud
With a single click on the text, scammers can now obtain a trove of personal data on a victim that can be used in a variety of follow-up criminal activities.
Most commonly, the information enables identity theft – scammers can now open fraudulent accounts or make purchases in the victim’s name. It also allows future targeted phishing attempts against that specific user.
Scammers may sell the data on the dark web for a profit. And credentials like an email address and password could be tested on other popular sites through credential stuffing.
Overall, the scam allows scammers to line their pockets while leaving victims at huge risk of financial fraud or identity theft.
Key Things That Make This Scam Believable
Several deliberate tricks are built into these USPS text scams to improve credibility and get more users to click:
- Spoofed Sender ID – The texts come from a 10-digit phone number or SMS short code that looks like it could be a verified USPS notification program.
- Sense of Urgency – The message sets up a scenario where immediate action is required or a package will be lost or canceled. This gets recipients to act rashly on impulse without scrutiny.
- Logical Solution – Providing missing address info seems like a reasonable solution so users don’t second guess the request.
- Official Branding – Both the message and scam website mimic USPS branding to appear legitimate.
- Realistic Domain – Domain names like usps-verify.com sound like they could be real USPS sites vs. obvious fakes.
- Personal Details Requested – Asking for address info instead of financials seems less suspicious despite enabling identity theft.
Staying aware of common tactics like these is key to identifying scams before becoming a victim.
How to Spot USPS Scam Text Messages
While scammers may slightly alter messages to improve success rates, there are common traits to help identify illegitimate USPS texts:
It’s Unsolicited
Real USPS notifications only come in response to a tracking request or current order. Anything arriving unexpectedly out of the blue should be treated as suspicious.
Urgent Action Language
Scam messages use urgent language demanding immediate action or else service will be disrupted or packages returned. Real USPS messages won’t make such extreme threats.
Request for Personal Information
Legitimate USPS will not request sensitive personal details like your Social Security number over text. Any message asking for private info to fix an issue is a scam.
Odd Link
Scam texts include a link to a website impersonating USPS designed to steal data. The link will use an odd domain name not matching the official USPS.com site or other postal service sites.
Follows Common Scam Format
Messages structured as + + closely match known smishing scams and should induce skepticism immediately.
Not Addressed to You Specifically
Instead of using your name, USPS scam texts use generic greetings like “Dear Postal Customer” so messages can be blasted widely to thousands of numbers.
Poor Grammar/Spelling
Scam messages often contain typos, bad grammar and punctuation, or other textual indicators they weren’t created by native English speakers familiar with USPS communications.
Staying vigilant for these common red flags is key to identifying and avoiding USPS text scams before they dupe you into giving up valuable personal data. When in doubt, contact USPS customer service directly to verify legitimacy.
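The link and wording checks described in this section can be applied mechanically when triaging reported messages. The following Python is an added example, not part of the original guide: the phrase lists, flag names and verdict labels are assumptions made for illustration, the first two sample messages are the ones quoted earlier on this page, and the last two are constructed.

```python
import re

# Assumption for this example: only usps.com and its subdomains count as official.
OFFICIAL_DOMAIN = "usps.com"

# Matches full URLs and bare hostnames such as "usps.usspls.com".
LINK_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:/\S*)?", re.I)

# Illustrative phrase lists, drawn from the wording of the messages quoted on this page.
CONTENT_FLAGS = {
    "delivery_problem": re.compile(
        r"cannot be delivered|unable to deliver|on hold|address issue|doesn.t match", re.I),
    "urgency": re.compile(
        r"within \d+ hours|immediately|will be returned|avoid return", re.I),
    "info_request": re.compile(
        r"(confirm|verify|complete|update) your (full |shipping |delivery )?"
        r"(address|information|details)", re.I),
}


def extract_hosts(sms: str) -> list[str]:
    """Return every hostname mentioned in the message, lowercased."""
    return [m.group(1).lower() for m in LINK_RE.finditer(sms)]


def is_official(host: str) -> bool:
    """True only when the host is usps.com or ends in .usps.com.

    The comparison is anchored at the right-hand end of the name, so a brand
    placed on the left (usps.usspls.com) or in the middle
    (usps.com.example.net) does not pass.
    """
    return host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN)


def red_flags(sms: str) -> list[str]:
    """List the red flags present, link flags first, then wording flags."""
    flags = []
    unofficial = [h for h in extract_hosts(sms) if not is_official(h)]
    if unofficial:
        flags.append("non_official_link")
    if any("usps" in h for h in unofficial):
        flags.append("lookalike_domain")
    flags += [name for name, rx in CONTENT_FLAGS.items() if rx.search(sms)]
    return flags


def verdict(sms: str) -> str:
    """Combine the flags: an unofficial link plus scam wording is the page's pattern."""
    flags = red_flags(sms)
    content = [f for f in flags if f in CONTENT_FLAGS]
    if "non_official_link" in flags and content:
        return "likely_smishing"
    return "suspicious" if flags else "no_flags"


SAMPLES = {
    "page_usspls": (
        "The USPS package has arrived at the warehouse and cannot be delivered "
        "due to incomplete address information. Please confirm your address in "
        "the link within 12 hours.\nusps.usspls.com\n"
        "The US Postal team wished you a wonderful day."),
    "page_uspseverify": (
        "We were unable to deliver your package because the address provided was "
        "incorrect. Please click here to confirm your information so we can "
        "deliver your package: http://uspseverify.com."),
    "constructed_suffix_trick": (
        "USPS: address issue, parcel on hold. Verify your address at "
        "usps.com.example.net/track"),
    "constructed_official_link": (
        "USPS: your package is out for delivery today. Track it at https://www.usps.com"),
}

if __name__ == "__main__":
    for name, sms in SAMPLES.items():
        print(f"{name:28} {verdict(sms):16} {red_flags(sms)}")
```

A "no_flags" result only means the link and wording checks found nothing; it cannot tell whether the message was solicited, which is the first test this section describes.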
What to do if you Have Been Targeted by the USPS Text Scam
If you have received a suspicious text from USPS about an incomplete address, there are a number of steps you should take right away:
1. Avoid Clicking Any Links in the Message
If you already clicked the link, don’t enter any information. But if you haven’t taken action, avoid clicking on any links in the message. As outlined above, the links lead to phishing websites to steal personal information. No good can come from visiting the scam site.
2. Report the Text as Spam or Junk
On your smartphone, locate the received text message and report it as spam or junk to your mobile carrier. You can often do this by selecting the message and looking for a Report as Spam or Block Sender option. This helps identify the sender as malicious.
3. Forward Details to USPS for Review
Forward the text details to USPS at spam@uspis.gov or file a scam report at https://postalinspectors.uspis.gov. Investigators can review the message details and work to shut down the scam.
4. Change Online Account Passwords Used
Even if you didn’t enter details, scammers could have obtained passwords through other means. Change passwords on your USPS account, associated email account, and any other accounts using that same password combination, just to be safe.
5. Place a Fraud Alert and Monitor Accounts
If you did submit account usernames or passwords, or other sensitive data, consider placing a fraud alert with credit bureaus and closely monitoring all your financial accounts for suspicious activity. This enables early detection of any misuse of your information.
6. Watch for Any Additional Scam Attempts
Scammers who obtain some personal details often follow up with additional phishing attempts, both over SMS and email. Remain vigilant for any abnormal contacts referencing the initial scam message. Go through the same reporting steps above if you receive a follow-up scam effort.
7. Install a Robust Security App
A cybersecurity app on your smartphone can help block future smishing efforts by identifying and stopping scam texts before they reach you. Look up trusted SMS blocking apps to find one that works best for your device type.
8. Educate Friends and Family
Spread awareness by alerting your contacts about new text scams like this. The more people who know how to spot and deal with smishing fraud, the fewer victims the scammers can claim overall. A few minutes chatting with grandparents or less tech-savvy friends can make a real difference.
How to Avoid Falling Victim to Text Message Scams
While you can recover from a single smishing attempt with the above steps, it is far better to avoid becoming a victim in the first place. Here are some best practices to protect yourself from scams over SMS:
Never Click Links in Unsolicited Texts
Treat links in any unexpected or unsolicited text messages as inherently suspicious, no matter how legitimate they appear. Instead, contact the company through a known official channel to inquire. Whether USPS, Amazon, your bank – real notifications will have customer service numbers you can call.
Watch for Red Flags
Learn the common traits of a smishing scam like odd links, threats of account suspension, or requests to confirm personal details out of the blue. Messages with even subtle red flags should be deleted.
Contact the Company Directly
Don’t reply to the text. Look up official contact info you trust for the company in question and inquire with customer service about any texts received. They can verify legitimacy and report scams.
Never Provide Sensitive Data Over Text
Legitimate companies will only request personal details through secure web forms – not via unsolicited text. Be very wary of any SMS asking for private info like Social Security numbers, logins, or financial account details.
Utilize Two-Factor Authentication
For key accounts like email, banking, and USPS, enable two-factor authentication for enhanced security. This requires both your password and a unique code generated during login for access, creating an additional barrier.
Install a Robust Security App
Purpose-built mobile security apps provide an added layer of protection by scanning for threats in real time. This allows them to detect and block smishing texts before you ever see them.
Never Reply Stop to Scam Texts
While it’s logical to reply STOP to end unwanted texts, avoid doing this in response to scams. Replying confirms to scammers your number is real and primed for more smishing attacks.
Is Your Device Infected? Check for Malware
If your device is running slowly or acting suspicious, it may be infected with malware. Malwarebytes Anti-Malware Free is a great option for scanning your device and detecting potential malware or viruses. The free version can efficiently check for and remove many common infections.
Malwarebytes can run on Windows, Mac, and Android devices. Depending on which operating system is installed on the device you’re trying to run a Malwarebytes scan, please click on the tab below and follow the displayed steps.
Scan your computer with Malwarebytes for Windows to remove malware
Malwarebytes stands out as one of the leading and widely-used anti-malware solutions for Windows, and for good reason. It effectively eradicates various types of malware that other programs often overlook, all at no cost to you. When it comes to disinfecting an infected device, Malwarebytes has consistently been a free and indispensable tool in the battle against malware. We highly recommend it for maintaining a clean and secure system.
Download Malwarebytes for Windows
You can download Malwarebytes by clicking the link below.
MALWAREBYTES FOR WINDOWS DOWNLOAD LINK
(The above link will open a new page from where you can download Malwarebytes)
Install Malwarebytes
After the download is complete, locate the MBSetup file, typically found in your Downloads folder. Double-click on the MBSetup file to begin the installation of Malwarebytes on your computer. If a User Account Control pop-up appears, click “Yes” to continue the Malwarebytes installation.
Follow the On-Screen Prompts to Install Malwarebytes
When the Malwarebytes installation begins, the setup wizard will guide you through the process.
You’ll first be prompted to choose the type of computer you’re installing the program on—select either “Personal Computer” or “Work Computer” as appropriate, then click on Next.
Malwarebytes will now begin the installation process on your device.
When the Malwarebytes installation is complete, the program will automatically open to the “Welcome to Malwarebytes” screen.
On the final screen, simply click on the Open Malwarebytes option to start the program.
Enable “Rootkit scanning”.
Malwarebytes Anti-Malware will now start, and you will see the main screen as shown below. To maximize Malwarebytes’ ability to detect malware and unwanted programs, we need to enable rootkit scanning. Click on the “Settings” gear icon located on the left of the screen to access the general settings section.
In the settings menu, enable the “Scan for rootkits” option by clicking the toggle switch until it turns blue.
Now that you have enabled rootkit scanning, click on the “Dashboard” button in the left pane to get back to the main screen.
Perform a Scan with Malwarebytes.
To start a scan, click the Scan button. Malwarebytes will automatically update its antivirus database and begin scanning your computer for malicious programs.
Wait for the Malwarebytes scan to complete.
Malwarebytes will now scan your computer for browser hijackers and other malicious programs. This process can take a few minutes, so we suggest you do something else and periodically check the status of the scan to see when it is finished.
Quarantine detected malware
Once the Malwarebytes scan is complete, it will display a list of detected malware, adware, and potentially unwanted programs. To effectively remove these threats, click the “Quarantine” button.
Malwarebytes will now delete all of the files and registry keys and add them to the program’s quarantine.
Restart your computer.
When removing files, Malwarebytes may require a reboot to fully eliminate some threats. If you see a message indicating that a reboot is needed, please allow it. Once your computer has restarted and you are logged back in, you can continue with the remaining steps.
Your computer should now be free of trojans, adware, browser hijackers, and other malware.
If your current antivirus allowed this malicious program on your computer, you may want to consider purchasing Malwarebytes Premium to protect against these types of threats in the future.
If you are still having problems with your computer after completing these instructions, then please follow one of the steps:
- Run a computer scan with ESET Online Scanner
- Ask for help in our Windows Malware Removal Help & Support forum.
Scan your computer with Malwarebytes for Mac to remove malware
Malwarebytes for Mac is an on-demand scanner that can destroy many types of malware that other software tends to miss without costing you absolutely anything. When it comes to cleaning up an infected device, Malwarebytes has always been free, and we recommend it as an essential tool in the fight against malware.
Download Malwarebytes for Mac.
You can download Malwarebytes for Mac by clicking the link below.
MALWAREBYTES FOR MAC DOWNLOAD LINK
(The above link will open a new page from where you can download Malwarebytes for Mac)
Double-click on the Malwarebytes setup file.
When Malwarebytes has finished downloading, double-click on the setup file to install Malwarebytes on your computer. In most cases, downloaded files are saved to the Downloads folder.
Follow the on-screen prompts to install Malwarebytes.
When the Malwarebytes installation begins, you will see the Malwarebytes for Mac Installer which will guide you through the installation process. Click “Continue“, then keep following the prompts to continue with the installation process.
When your Malwarebytes installation completes, the program opens to the Welcome to Malwarebytes screen. Click the “Get started” button.
Select “Personal Computer” or “Work Computer”.
The Malwarebytes Welcome screen will first ask what type of computer you are installing the program on. Click either Personal Computer or Work Computer.
Click on “Scan”.
To scan your computer with Malwarebytes, click on the “Scan” button. Malwarebytes for Mac will automatically update the antivirus database and start scanning your computer for malware.
Wait for the Malwarebytes scan to complete.
Malwarebytes will scan your computer for adware, browser hijackers, and other malicious programs. This process can take a few minutes, so we suggest you do something else and periodically check on the status of the scan to see when it is finished.
Click on “Quarantine”.
When the scan has been completed, you will be presented with a screen showing the malware infections that Malwarebytes has detected. To remove the malware that Malwarebytes has found, click on the “Quarantine” button.
Restart computer.
Malwarebytes will now remove all the malicious files that it has found. To complete the malware removal process, Malwarebytes may ask you to restart your computer.
Your Mac should now be free of adware, browser hijackers, and other malware.
If your current antivirus allowed a malicious program on your computer, you might want to consider purchasing the full-featured version of Malwarebytes Anti-Malware to protect against these types of threats in the future.
If you are still experiencing problems while trying to remove a malicious program from your computer, please ask for help in our Mac Malware Removal Help & Support forum.
Scan your phone with Malwarebytes for Android to remove malware
Malwarebytes for Android automatically detects and removes dangerous threats like malware and ransomware so you don’t have to worry about your most-used device being compromised. Aggressive detection of adware and potentially unwanted programs keeps your Android phone or tablet running smooth.
Download Malwarebytes for Android.
You can download Malwarebytes for Android by clicking the link below.
MALWAREBYTES FOR ANDROID DOWNLOAD LINK
(The above link will open a new page from where you can download Malwarebytes for Android)
Install Malwarebytes for Android on your phone.
In the Google Play Store, tap “Install” to install Malwarebytes for Android on your device.
When the installation process has finished, tap “Open” to begin using Malwarebytes for Android. You can also open Malwarebytes by tapping on its icon in your phone menu or home screen.
Follow the on-screen prompts to complete the setup process
When Malwarebytes opens, you will see the Malwarebytes Setup Wizard, which will guide you through a series of permissions and other setup options.
This is the first of two screens that explain the difference between the Premium and Free versions. Swipe this screen to continue.
Tap on “Got it” to proceed to the next step.
Malwarebytes for Android will now ask for a set of permissions that are required to scan your device and protect it from malware. Tap on “Give permission” to continue.
Tap on “Allow” to permit Malwarebytes to access the files on your phone.
Update database and run a scan with Malwarebytes for Android
You will now be prompted to update the Malwarebytes database and run a full system scan.
Click on “Update database” to update the Malwarebytes for Android definitions to the latest version, then click on “Run full scan” to perform a system scan.
Wait for the Malwarebytes scan to complete.
Malwarebytes will now start scanning your phone for adware and other malicious apps. This process can take a few minutes, so we suggest you do something else and periodically check on the status of the scan to see when it is finished.
Click on “Remove Selected”.
When the scan has been completed, you will be presented with a screen showing the malware infections that Malwarebytes for Android has detected. To remove the malicious apps that Malwarebytes has found, tap on the “Remove Selected” button.
Restart your phone.
Malwarebytes for Android will now remove all the malicious apps that it has found. To complete the malware removal process, Malwarebytes may ask you to restart your device.
Your phone should now be free of adware, browser hijackers, and other malware.
If your current antivirus allowed a malicious app on your phone, you may want to consider purchasing the full-featured version of Malwarebytes to protect against these types of threats in the future.
If you are still having problems with your phone after completing these instructions, then please follow one of the steps:
- Restore your phone to factory settings by going to Settings > General management > Reset > Factory data reset.
- Ask for help in our Mobile Malware Removal Help & Support forum.
Frequently Asked Questions
What is the USPS “Incomplete Address” text scam?
This is a smishing (SMS phishing) scam where targets receive a text message claiming to be from USPS stating that a package cannot be delivered due to an incomplete or incorrect address. The message includes a malicious link and urges the recipient to click it to confirm or update their address. However, the link leads to a fake website designed to steal personal information.
How do I recognize this USPS scam text message?
These scam texts generally mention a problem delivering your package, that the order may be canceled or package returned if not addressed immediately, and include a suspicious link to supposedly resolve the address issue. Requests for quick action and links in unsolicited texts are red flags.
Does USPS ever send texts about delivery issues?
No. Legitimate notifications from USPS will only come via official communication channels, not unsolicited text. Any unexpected texts claiming to be USPS and urgently requesting personal information or account details are scams.
What happens if I click the link in the text?
The link goes to a sophisticated phishing website impersonating USPS and requests personal details to confirm your address. If entered, this sensitive data is stolen by scammers who can then commit identity theft or steal your money.
Should I reply STOP to the text message?
No. Replying to scam texts at all confirms to scammers they have a real target. Instead, report the text as spam to your mobile carrier and file details with USPS to get the scam shut down.
What if I already clicked the link and entered information?
Alert USPS to the scam, place a fraud alert with credit bureaus, closely monitor financial accounts for suspicious activity, change online account passwords used on the phishing site, and watch for potential follow-up scams leveraging stolen details.
How can I avoid this USPS scam in the future?
Never click links in unsolicited texts, no matter how urgent or official they appear. Manually contact trusted customer service numbers to verify legitimacy of any notifications received over SMS. Use security apps to block smishing texts before they ever reach your phone.
Who do I report this scam text to?
You can report this scam text to USPS by forwarding details to spam@uspis.gov and your mobile provider by reporting the text as spam or junk in your texting app. This helps get scam domains blacklisted.
The Bottom Line
The USPS “incomplete address” smishing scam is one of the latest examples of fraudsters impersonating shipping companies over text to steal personal information. Legitimate notifications from USPS will never arrive unexpectedly and urgent requests for info should raise red flags. If you receive a suspicious text claiming to be from USPS, avoid clicking any links. Instead, report the message to USPS and your mobile carrier, change any passwords used online, and monitor closely for identity theft. Going forward, remember to never click links in unsolicited texts, no matter how realistic they appear. Always contact companies directly through official channels. Remaining vigilant and using secure practices like two-factor authentication remain your best defense against SMS scams.