Exposing the USPS “Issues With Your Shipping Address” Scam
Written by: Stelian Pilici
Published on:
A troubling new phishing scam has emerged that targets unsuspecting victims under the guise of a USPS delivery problem notification. This expansive article will provide a detailed exposé on how the “Issues With Your Shipping Address” scam works, how to avoid becoming a victim, and what to do if you fall prey.
This article contains:
Scam Overview
This scam typically starts with the target receiving an email, text or phone call that convincingly appears to originate from the United States Postal Service. The message claims there is an issue verifying or confirming the recipient’s shipping address for pending package deliveries.
The notification urges the recipient to click a link or call a provided number to resolve the address problem immediately. However, this leads to a fake USPS website or call center impersonating the real USPS. If individuals then enter or provide any personal data, the scammers steal it to engage in identity theft or sell it on the black market.
This scam has already deceived thousands into compromising sensitive information, resulting in drained bank accounts, credit card fraud, and destroyed credit reports. Keep reading to learn how to detect this scam and avoid becoming the next victim.
How the Scam Works
Scammers rely on carefully crafted tricks and pressure tactics to successfully pull off this scam. Here is an outline of how they strategically mislead victims at each stage:
1. Crafting Fraudulent Notifications
The first step scammers take is creating email, text and phone scripts impersonating communications from the USPS. These may mention a fake tracking number and a pending delivery requiring address confirmation before release.
The messages are modeled after real USPS alerts related to undelivered packages, missed delivery attempts, and address verification requests. However, phony details are added to manipulate users.
The texts and calls feature prerecorded voices or automated messages. Email subjects state things like: “USPS Delivery Problem,” “Shipping Address Issue,” “Unable To Verify Your Address,” or “Complete Delivery – Confirm Your Address.”
These notifications leverage urgency and threats of non-delivery to provoke panic and quick action. Victims are less likely to scrutinize the details.
2. Directing Victims to Fake Websites and Call Centers
The fraudulent notifications all direct recipients to either click a link or call a provided phone number to resolve the address issue immediately.
However, the link goes to a sophisticated replica of the official USPS website. And the phone number routes to a scam call center impersonating USPS.
Both the fraudulent site and call center are specially designed to closely mimic the real USPS experience. But they are rigged to collect and steal user data instead of fixing any real issues.
3. Collecting Personal Information
Once directed to the phony website or call center, victims see forms prompting them to enter details like full name, street address, date of birth, social security number, credit card number, account usernames, and account passwords.
The scammers claim collecting this information verifies the user’s identity and shipping address. But in reality, the personal data gets stolen.
In some cases, the fraudulent sites may also:
Plant malware on the victim’s device to spy and steal data.
Use pop-ups for fake security alerts that capture private data.
Redirect to other scam websites to harvest additional financial information.
4. Exploiting Stolen Information
Armed with stolen personal data, the scammers then engage in identity theft and financial fraud. Just some examples include:
Withdrawing funds from the victim’s bank and financial accounts
Making purchases and opening lines of credit using stolen identity details
Filing for unemployment and tax refunds using victims’ information
Accessing online accounts via compromised usernames and passwords
Selling bundles of victims’ personal data on the black market
The scammers can also exploit the details to commit additional thefts while posing as the victims. The financial and identity theft ramifications can be severe and challenging to unwind.
5. Pursuing Second-Round Scams
Scammers frequently capitalize on compromised victims with follow-up scams as well. For example:
They may call victims pretending to be USPS security asking for more details or money to stop identity theft already in motion.
Scammers call posing as bank fraud investigators, asking victims to send money to aid an asset recovery process that doesn’t exist.
They contact victims offering to fix hacked devices or restore stolen funds for an upfront fee they pocket.
These secondary scams prolong victims’ suffering and lead to additional financial theft.
What to Do If You’re a Victim
If you entered any sensitive information, account details or other personal data on a fraudulent USPS site or phone line, take these steps immediately:
Contact Banks and Credit Bureaus
Notify your bank and financial institutions your identity has likely been compromised. Have them freeze your accounts and flag for suspicious charges. Ask about reversing fraudulent transactions if found.
Also, place 90-day fraud alerts on your credit files at the three major credit bureaus to halt thieves opening new lines of credit.
Change All Passwords
Reset every password you have for financial, email, social media and other online accounts. Make them long and complex. Also set new security questions and enable two-factor authentication for accounts that offer it.
Monitor Statements Closely
Watch bank and credit statements routinely for any unfamiliar account activity. Report any transactions you don’t authorize to your bank’s fraud department right away.
Place Fraud Alert
Contact one credit bureau to place a 90-day fraud alert. This flags your credit file requiring lenders to verify identity before extending new credit. Add an extended 7-year alert if needed.
File Reports
File a scam report with the real USPS through USPS.com and notify the Federal Trade Commission. This can aid investigations to stop the scam from deceiving others.
Avoid Paying “Recovery” Scammers
Be alert for any call or email claiming they can recover stolen funds or fix your identity if you pay a fee first. This is always a secondary scam. Only work with real institutions on fraud resolution and never prepay.
Spotting This Scam
While this scam can appear quite legitimate, these tips can help expose the fraud:
Analyze Message Details
Scrutinize any shipping notifications closely:
Look for poor grammar/spelling – Legitimate USPS alerts would not contain errors.
Mismatching details – Ensure the phone numbers, addresses, names, and other specifics all check out.
Odd urgency or threats – Real USPS rarely resorts to intimidation urgency to prompt action.
Unusual timing – Being contacted late at night about a delivery issue can signal fraud.
Verify Before Clicking Links
Inspect any provided links carefully:
Hover over the link – Preview the actual destination URL before clicking to reveal mismatched domains.
Double check URLs – Typos or extra numbers/letters in addresses signal a phishing site.
Use site tools – Copy and paste URLs into scam checking tools to detect fraud.
Analyze Websites
Study any USPS site you land on closely:
Cross-reference designs – Subtle differences in logos, fonts, colors, and page layouts can expose spoof sites.
Verify security – Phishing sites lack HTTPS protocol and the padlock icon in the URL bar.
Try to login – Phony sites only show info forms without allowing logins to your private account portal.
Use these tips when dealing with USPS call centers:
Hang up and call back – Use USPS official numbers found on USPS.com to verify alleged representatives.
Ask for credentials – Request ID numbers and names to check. Real USPS agents will provide without hesitation.
Don’t disclose info – Never give personal or financial details to unverified callers claiming to be USPS agents.
Avoiding This Scam
Here are key ways to avoid falling victim to the “USPS Issues With Your Shipping Address” scam:
Never act quickly regardless of threats conveyed. Always research first.
Verify supposed address issues by calling official USPS numbers independently.
Check that any links go directly to USPS.com before clicking.
If entering a site, ensure it has valid USPS branding, URLs, and security certificates.
Do not disclose personal information over the phone either. Request callbacks after independently looking up numbers.
Use unique complex passwords for all accounts, changed regularly. Enable two-factor authentication when available.
Keep software patched and updated to detect fraudulent sites trying to install malware.
Sign up for USPS scam alerts to stay on top of the latest tricks targeting customers.
Is Your Device Infected? Check for Malware
If your device is running slowly or acting suspicious, it may be infected with malware. Malwarebytes Anti-Malware Free is a great option for scanning your device and detecting potential malware or viruses. The free version can efficiently check for and remove many common infections.
Malwarebytes can run on Windows, Mac, and Android devices. Depending on which operating system is installed on the device you’re trying to run a Malwarebytes scan, please click on the tab below and follow the displayed steps.
Malwarebytes For WindowsMalwarebytes For MacMalwarebytes For Android
Scan your computer with Malwarebytes for Windows to remove malware
Malwarebytes stands out as one of the leading and widely-used anti-malware solutions for Windows, and for good reason. It effectively eradicates various types of malware that other programs often overlook, all at no cost to you. When it comes to disinfecting an infected device, Malwarebytes has consistently been a free and indispensable tool in the battle against malware. We highly recommend it for maintaining a clean and secure system.
Download Malwarebytes for Windows
You can download Malwarebytes by clicking the link below.
After the download is complete, locate the MBSetup file, typically found in your Downloads folder. Double-click on the MBSetup file to begin the installation of Malwarebytes on your computer. If a User Account Control pop-up appears, click “Yes” to continue the Malwarebytes installation.
Follow the On-Screen Prompts to Install Malwarebytes
When the Malwarebytes installation begins, the setup wizard will guide you through the process.
You’ll first be prompted to choose the type of computer you’re installing the program on—select either “Personal Computer” or “Work Computer” as appropriate, then click on Next.
Malwarebytes will now begin the installation process on your device.
When the Malwarebytes installation is complete, the program will automatically open to the “Welcome to Malwarebytes” screen.
On the final screen, simply click on the Open Malwarebytes option to start the program.
Enable “Rootkit scanning”.
Malwarebytes Anti-Malware will now start, and you will see the main screen as shown below. To maximize Malwarebytes’ ability to detect malware and unwanted programs, we need to enable rootkit scanning. Click on the “Settings” gear icon located on the left of the screen to access the general settings section.
In the settings menu, enable the “Scan for rootkits” option by clicking the toggle switch until it turns blue.
Now that you have enabled rootkit scanning, click on the “Dashboard” button in the left pane to get back to the main screen.
Perform a Scan with Malwarebytes.
To start a scan, click the Scan button. Malwarebytes will automatically update its antivirus database and begin scanning your computer for malicious programs.
Wait for the Malwarebytes scan to complete.
Malwarebytes will now scan your computer for browser hijackers and other malicious programs. This process can take a few minutes, so we suggest you do something else and periodically check the status of the scan to see when it is finished.
Quarantine detected malware
Once the Malwarebytes scan is complete, it will display a list of detected malware, adware, and potentially unwanted programs. To effectively remove these threats, click the “Quarantine” button.
Malwarebytes will now delete all of the files and registry keys and add them to the program’s quarantine.
Restart your computer.
When removing files, Malwarebytes may require a reboot to fully eliminate some threats. If you see a message indicating that a reboot is needed, please allow it. Once your computer has restarted and you are logged back in, you can continue with the remaining steps.
Your computer should now be free of trojans, adware, browser hijackers, and other malware.
If your current antivirus allowed this malicious program on your computer, you may want to consider purchasing Malwarebytes Premium to protect against these types of threats in the future. If you are still having problems with your computer after completing these instructions, then please follow one of the steps:
Scan your computer with Malwarebytes for Mac to remove malware
Malwarebytes for Mac is an on-demand scanner that can destroy many types of malware that other software tends to miss without costing you absolutely anything. When it comes to cleaning up an infected device, Malwarebytes has always been free, and we recommend it as an essential tool in the fight against malware.
Download Malwarebytes for Mac.
You can download Malwarebytes for Mac by clicking the link below.
When Malwarebytes has finished downloading, double-click on the setup file to install Malwarebytes on your computer. In most cases, downloaded files are saved to the Downloads folder.
Follow the on-screen prompts to install Malwarebytes.
When the Malwarebytes installation begins, you will see the Malwarebytes for Mac Installer which will guide you through the installation process. Click “Continue“, then keep following the prompts to continue with the installation process.
When your Malwarebytes installation completes, the program opens to the Welcome to Malwarebytes screen. Click the “Get started” button.
Select “Personal Computer” or “Work Computer”.
The Malwarebytes Welcome screen will first ask you what type of computer are you installing this program, click either Personal Computer or Work Computer.
Click on “Scan”.
To scan your computer with Malwarebytes, click on the “Scan” button. Malwarebytes for Mac will automatically update the antivirus database and start scanning your computer for malware.
Wait for the Malwarebytes scan to complete.
Malwarebytes will scan your computer for adware, browser hijackers, and other malicious programs. This process can take a few minutes, so we suggest you do something else and periodically check on the status of the scan to see when it is finished.
Click on “Quarantine”.
When the scan has been completed, you will be presented with a screen showing the malware infections that Malwarebytes has detected. To remove the malware that Malwarebytes has found, click on the “Quarantine” button.
Restart computer.
Malwarebytes will now remove all the malicious files that it has found. To complete the malware removal process, Malwarebytes may ask you to restart your computer.
Your Mac should now be free of adware, browser hijackers, and other malware.
If your current antivirus allowed a malicious program on your computer, you might want to consider purchasing the full-featured version of Malwarebytes Anti-Malware to protect against these types of threats in the future. If you are still experiencing problems while trying to remove a malicious program from your computer, please ask for help in our Mac Malware Removal Help & Support forum.
Scan your phone with Malwarebytes for Android to remove malware
Malwarebytes for Android automatically detects and removes dangerous threats like malware and ransomware so you don’t have to worry about your most-used device being compromised. Aggressive detection of adware and potentially unwanted programs keeps your Android phone or tablet running smooth.
Download Malwarebytes for Android.
You can download Malwarebytes for Android by clicking the link below.
In the Google Play Store, tap “Install” to install Malwarebytes for Android on your device.
When the installation process has finished, tap “Open” to begin using Malwarebytes for Android. You can also open Malwarebytes by tapping on its icon in your phone menu or home screen.
Follow the on-screen prompts to complete the setup process
When Malwarebytes will open, you will see the Malwarebytes Setup Wizard which will guide you through a series of permissions and other setup options. This is the first of two screens that explain the difference between the Premium and Free versions. Swipe this screen to continue. Tap on “Got it” to proceed to the next step. Malwarebytes for Android will now ask for a set of permissions that are required to scan your device and protect it from malware. Tap on “Give permission” to continue. Tap on “Allow” to permit Malwarebytes to access the files on your phone.
Update database and run a scan with Malwarebytes for Android
You will now be prompted to update the Malwarebytes database and run a full system scan.
Click on “Update database” to update the Malwarebytes for Android definitions to the latest version, then click on “Run full scan” to perform a system scan.
Wait for the Malwarebytes scan to complete.
Malwarebytes will now start scanning your phone for adware and other malicious apps. This process can take a few minutes, so we suggest you do something else and periodically check on the status of the scan to see when it is finished.
Click on “Remove Selected”.
When the scan has been completed, you will be presented with a screen showing the malware infections that Malwarebytes for Android has detected. To remove the malicious apps that Malwarebytes has found, tap on the “Remove Selected” button.
Restart your phone.
Malwarebytes for Android will now remove all the malicious apps that it has found. To complete the malware removal process, Malwarebytes may ask you to restart your device.
Your phone should now be free of adware, browser hijackers, and other malware.
If your current antivirus allowed a malicious app on your phone, you may want to consider purchasing the full-featured version of Malwarebytes to protect against these types of threats in the future. If you are still having problems with your phone after completing these instructions, then please follow one of the steps:
Restore your phone to factory settings by going to Settings > General management > Reset > Factory data reset.
For additional facts about the “USPS Issues With Your Shipping Address” scam see these FAQs:
Are scammers able to spoof legitimate USPS phone numbers?
Yes, scammers use technical tricks to make scam calls appear to come from real USPS 1-800 numbers on caller IDs. Always independently look up and dial official numbers instead of calling back missed call notifications alone.
How do scammers obtain my personal contact information?
Scammers buy hacked customer databases online or acquire emails and phone numbers from shady data aggregators. They may also scrape publicly available information from websites and social media using bots. It only takes one breach for data to spread across scammer networks.
Can I determine if an email is a scam from the subject line alone?
Sometimes. Suspicious keywords like “USPS Delivery Failure”, “Authorization Required” or “Action Needed” should raise red flags. However, some scams now use innocent sounding subjects about package updates. Check the sender address for the biggest clue.
Is providing an email address or phone number to scammers risky?
Absolutely. Scammers can use email and phone numbers to then target victims across other channels and campaigns. They become malware distribution points or identifiers to access accounts once credentials are phished. Treat contact data as sensitive.
How can data entered on phishing sites be used to commit identity theft?
Scammers can use personal details like names, addresses, and birthdates paired with social security numbers to open fraudulent credit cards or bank accounts. Stolen account credentials also grant direct access to assets and sensitive information that fuels financial theft.
What should I do if a scammer calls repeatedly?
Consistently report scam call numbers to the FTC Do Not Call list, USPS postal inspectors, and your phone carrier. You can use call screening/blocking tools as well. Repeated scam calls are used to intimidate but disengaging quickly remains your best defense.
In Conclusion
This scam leverages familiarity with USPS communications and urgency surrounding package deliveries to lower defenses and steal personal data. However, being informed on common tricks these scammers use makes it much simpler to detect fraudulent notifications and websites. Verify supposed USPS alerts completely before providing information or clicking on links. Being proactive is the best way to avoid having your identity and finances compromised through this scam.
How to Stay Safe Online
Here are 10 basic security tips to help you avoid malware and protect your device:
Use a good antivirus and keep it up-to-date.
It's essential to use a good quality antivirus and keep it up-to-date to stay ahead of the latest cyber threats. We are huge fans of Malwarebytes Premium and use it on all of our devices, including Windows and Mac computers as well as our mobile devices. Malwarebytes sits beside your traditional antivirus, filling in any gaps in its defenses, and providing extra protection against sneakier security threats.
Keep software and operating systems up-to-date.
Keep your operating system and apps up to date. Whenever an update is released for your device, download and install it right away. These updates often include security fixes, vulnerability patches, and other necessary maintenance.
Be careful when installing programs and apps.
Pay close attention to installation screens and license agreements when installing software. Custom or advanced installation options will often disclose any third-party software that is also being installed. Take great care in every stage of the process and make sure you know what it is you're agreeing to before you click "Next."
Install an ad blocker.
Use a browser-based content blocker, like AdGuard. Content blockers help stop malicious ads, Trojans, phishing, and other undesirable content that an antivirus product alone may not stop.
Be careful what you download.
A top goal of cybercriminals is to trick you into downloading malware—programs or apps that carry malware or try to steal information. This malware can be disguised as an app: anything from a popular game to something that checks traffic or the weather.
Be alert for people trying to trick you.
Whether it's your email, phone, messenger, or other applications, always be alert and on guard for someone trying to trick you into clicking on links or replying to messages. Remember that it's easy to spoof phone numbers, so a familiar name or number doesn't make messages more trustworthy.
Back up your data.
Back up your data frequently and check that your backup data can be restored. You can do this manually on an external HDD/USB stick, or automatically using backup software. This is also the best way to counter ransomware. Never connect the backup drive to a computer if you suspect that the computer is infected with malware.
Choose strong passwords.
Use strong and unique passwords for each of your accounts. Avoid using personal information or easily guessable words in your passwords. Enable two-factor authentication (2FA) on your accounts whenever possible.
Be careful where you click.
Be cautious when clicking on links or downloading attachments from unknown sources. These could potentially contain malware or phishing scams.
Don't use pirated software.
Avoid using Peer-to-Peer (P2P) file-sharing programs, keygens, cracks, and other pirated software that can often compromise your data, privacy, or both.
To avoid potential dangers on the internet, it's important to follow these 10 basic safety rules. By doing so, you can protect yourself from many of the unpleasant surprises that can arise when using the web.
Meet Stelian Pilici
Stelian leverages over a decade of cybersecurity expertise to lead malware analysis and removal, uncover scams, and educate people. His experience provides insightful analysis and valuable perspective.
