Exposing the USPS “Issues With Your Shipping Address” Scam
Written by: Stelian
Published on:
A troubling new phishing scam has emerged that targets unsuspecting victims under the guise of a USPS delivery problem notification. This expansive article will provide a detailed exposé on how the “Issues With Your Shipping Address” scam works, how to avoid becoming a victim, and what to do if you fall prey.
Scam Overview
This scam typically starts with the target receiving an email, text or phone call that convincingly appears to originate from the United States Postal Service. The message claims there is an issue verifying or confirming the recipient’s shipping address for pending package deliveries.
The notification urges the recipient to click a link or call a provided number to resolve the address problem immediately. However, this leads to a fake USPS website or call center impersonating the real USPS. If individuals then enter or provide any personal data, the scammers steal it to engage in identity theft or sell it on the black market.
This scam has already deceived thousands into compromising sensitive information, resulting in drained bank accounts, credit card fraud, and destroyed credit reports. Keep reading to learn how to detect this scam and avoid becoming the next victim.
How the Scam Works
Scammers rely on carefully crafted tricks and pressure tactics to successfully pull off this scam. Here is an outline of how they strategically mislead victims at each stage:
1. Crafting Fraudulent Notifications
The first step scammers take is creating email, text and phone scripts impersonating communications from the USPS. These may mention a fake tracking number and a pending delivery requiring address confirmation before release.
The messages are modeled after real USPS alerts related to undelivered packages, missed delivery attempts, and address verification requests. However, phony details are added to manipulate users.
The texts and calls feature prerecorded voices or automated messages. Email subjects state things like: “USPS Delivery Problem,” “Shipping Address Issue,” “Unable To Verify Your Address,” or “Complete Delivery – Confirm Your Address.”
These notifications leverage urgency and threats of non-delivery to provoke panic and quick action. Victims are less likely to scrutinize the details.
2. Directing Victims to Fake Websites and Call Centers
The fraudulent notifications all direct recipients to either click a link or call a provided phone number to resolve the address issue immediately.
However, the link goes to a sophisticated replica of the official USPS website. And the phone number routes to a scam call center impersonating USPS.
Both the fraudulent site and call center are specially designed to closely mimic the real USPS experience. But they are rigged to collect and steal user data instead of fixing any real issues.
3. Collecting Personal Information
Once directed to the phony website or call center, victims see forms prompting them to enter details like full name, street address, date of birth, social security number, credit card number, account usernames, and account passwords.
The scammers claim collecting this information verifies the user’s identity and shipping address. But in reality, the personal data gets stolen.
In some cases, the fraudulent sites may also:
Plant malware on the victim’s device to spy and steal data.
Use pop-ups for fake security alerts that capture private data.
Redirect to other scam websites to harvest additional financial information.
4. Exploiting Stolen Information
Armed with stolen personal data, the scammers then engage in identity theft and financial fraud. Just some examples include:
Withdrawing funds from the victim’s bank and financial accounts
Making purchases and opening lines of credit using stolen identity details
Filing for unemployment and tax refunds using victims’ information
Accessing online accounts via compromised usernames and passwords
Selling bundles of victims’ personal data on the black market
The scammers can also exploit the details to commit additional thefts while posing as the victims. The financial and identity theft ramifications can be severe and challenging to unwind.
5. Pursuing Second-Round Scams
Scammers frequently capitalize on compromised victims with follow-up scams as well. For example:
They may call victims pretending to be USPS security asking for more details or money to stop identity theft already in motion.
Scammers call posing as bank fraud investigators, asking victims to send money to aid an asset recovery process that doesn’t exist.
They contact victims offering to fix hacked devices or restore stolen funds for an upfront fee they pocket.
These secondary scams prolong victims’ suffering and lead to additional financial theft.
What to Do If You’re a Victim
If you entered any sensitive information, account details or other personal data on a fraudulent USPS site or phone line, take these steps immediately:
Contact Banks and Credit Bureaus
Notify your bank and financial institutions your identity has likely been compromised. Have them freeze your accounts and flag for suspicious charges. Ask about reversing fraudulent transactions if found.
Also, place 90-day fraud alerts on your credit files at the three major credit bureaus to halt thieves opening new lines of credit.
Change All Passwords
Reset every password you have for financial, email, social media and other online accounts. Make them long and complex. Also set new security questions and enable two-factor authentication for accounts that offer it.
Monitor Statements Closely
Watch bank and credit statements routinely for any unfamiliar account activity. Report any transactions you don’t authorize to your bank’s fraud department right away.
Place Fraud Alert
Contact one credit bureau to place a 90-day fraud alert. This flags your credit file requiring lenders to verify identity before extending new credit. Add an extended 7-year alert if needed.
File Reports
File a scam report with the real USPS through USPS.com and notify the Federal Trade Commission. This can aid investigations to stop the scam from deceiving others.
Avoid Paying “Recovery” Scammers
Be alert for any call or email claiming they can recover stolen funds or fix your identity if you pay a fee first. This is always a secondary scam. Only work with real institutions on fraud resolution and never prepay.
Spotting This Scam
While this scam can appear quite legitimate, these tips can help expose the fraud:
Analyze Message Details
Scrutinize any shipping notifications closely:
Look for poor grammar/spelling – Legitimate USPS alerts would not contain errors.
Mismatching details – Ensure the phone numbers, addresses, names, and other specifics all check out.
Odd urgency or threats – Real USPS rarely resorts to intimidation urgency to prompt action.
Unusual timing – Being contacted late at night about a delivery issue can signal fraud.
Verify Before Clicking Links
Inspect any provided links carefully:
Hover over the link – Preview the actual destination URL before clicking to reveal mismatched domains.
Double check URLs – Typos or extra numbers/letters in addresses signal a phishing site.
Use site tools – Copy and paste URLs into scam checking tools to detect fraud.
Analyze Websites
Study any USPS site you land on closely:
Cross-reference designs – Subtle differences in logos, fonts, colors, and page layouts can expose spoof sites.
Verify security – Phishing sites lack HTTPS protocol and the padlock icon in the URL bar.
Try to login – Phony sites only show info forms without allowing logins to your private account portal.
Use these tips when dealing with USPS call centers:
Hang up and call back – Use USPS official numbers found on USPS.com to verify alleged representatives.
Ask for credentials – Request ID numbers and names to check. Real USPS agents will provide without hesitation.
Don’t disclose info – Never give personal or financial details to unverified callers claiming to be USPS agents.
Avoiding This Scam
Here are key ways to avoid falling victim to the “USPS Issues With Your Shipping Address” scam:
Never act quickly regardless of threats conveyed. Always research first.
Verify supposed address issues by calling official USPS numbers independently.
Check that any links go directly to USPS.com before clicking.
If entering a site, ensure it has valid USPS branding, URLs, and security certificates.
Do not disclose personal information over the phone either. Request callbacks after independently looking up numbers.
Use unique complex passwords for all accounts, changed regularly. Enable two-factor authentication when available.
Keep software patched and updated to detect fraudulent sites trying to install malware.
Sign up for USPS scam alerts to stay on top of the latest tricks targeting customers.
Is Your Device Infected? Run a Free Malware Scan
Slow performance, constant pop-ups, or strange behavior? These are classic signs of a malware infection. The fastest way to find out is to scan your device with Malwarebytes Anti-Malware Free — one of the most trusted malware removal tools available.
The free version detects and removes the most common threats, including:
Adware — the cause of those annoying pop-ups
Browser hijackers — unwanted redirects and changed homepages
Trojans and spyware — hidden programs stealing your data
Potentially unwanted programs (PUPs) — software you never asked for
👉 Select your device below — Windows, Mac, or Android — then follow the simple steps to download Malwarebytes, scan your system, and remove any threats it finds. The whole process takes about 5 minutes.
Malwarebytes for WindowsMalwarebytes for MacMalwarebytes for Android
Run a Malware Scan with Malwarebytes for Windows
Malwarebytes is one of the most popular and trusted anti-malware tools for Windows — and it’s completely free for removing infections. It catches threats that many antivirus programs miss, including adware, browser hijackers, and trojans. Follow the steps below to scan and clean your PC in just a few minutes.
Download Malwarebytes
Click the button below to download the latest version of Malwarebytes for Windows from the official source. The free version is all you need — it will scan your computer and remove adware, browser hijackers, and other malicious software at no cost.
(The link opens in a new page where your download will start)
Install Malwarebytes
When the download finishes, open your Downloads folder and double-click the MBSetup file. If Windows shows a User Account Control pop-up, click “Yes” to allow the installation.
Follow the On-Screen Prompts to Install Malwarebytes
The setup wizard will walk you through a few quick screens:
Choose where you’re installing the program — “Personal Computer” or “Work Computer” — then click Next.
Malwarebytes will now install on your device. This usually takes under a minute.
When installation is complete, the “Welcome to Malwarebytes” screen will open automatically.
On the final screen, click Open Malwarebytes to launch the program.
Enable “Scan for Rootkits”
Before scanning, turn on rootkit detection so Malwarebytes can find even the most hidden threats. Click the Settings gear icon on the left side of the screen.
In the settings menu, find “Scan for rootkits” and click the toggle so it turns blue.
Done? Click “Dashboard” in the left pane to return to the main screen.
Start the Scan
Click the blue Scan button. Malwarebytes will automatically update its virus database and start checking your computer for malware.
Wait for the Scan to Finish
The scan checks your entire system for browser hijackers and other malicious programs, so it can take several minutes. Feel free to do something else — just check back occasionally to see the progress.
Quarantine the Detected Threats
When the scan is done, you’ll see a list of everything Malwarebytes found — malware, adware, and potentially unwanted programs. Click the “Quarantine” button to remove all of them at once.
Malwarebytes will now remove the malicious files and registry entries and move them safely into quarantine.
Restart Your Computer
Some threats can only be fully removed after a reboot. If Malwarebytes asks you to restart, click Yes. Once you’re logged back in, your PC is clean and you can continue with the next steps in this guide.
When the scan finishes, click Quarantine to remove everything Malwarebytes found. That’s it — your Windows PC is now clean of trojans, adware, and other malware, and should be back to running smoothly.
If your current antivirus allowed this malicious program on your computer, you may want to consider purchasing Malwarebytes Premium to protect against these types of threats in the future. If you are still having problems with your computer after completing these instructions, then please follow one of the steps:
Malwarebytes for Mac is a free on-demand scanner that removes the malware other security software tends to miss — adware, browser hijackers, and unwanted programs included. Cleaning an infected Mac with Malwarebytes has always been completely free, and it’s our go-to recommendation. Follow the steps below to scan and clean your Mac in just a few minutes.
Download Malwarebytes for Mac
Click the button below to download the latest version of Malwarebytes for Mac.
When the download finishes, open your Downloads folder and double-click the setup file to begin the installation.
Follow the On-Screen Prompts to Install Malwarebytes
The Malwarebytes for Mac Installer will guide you through a few quick screens. Click “Continue” and keep following the prompts until the installation completes.
When the installation is complete, Malwarebytes opens to the Welcome to Malwarebytes screen. Click “Get started“.
Select “Personal Computer” or “Work Computer”
Malwarebytes will ask what type of computer you’re installing it on. Click either Personal Computer or Work Computer, whichever applies.
Start the Scan
Click the “Scan” button. Malwarebytes will automatically update its detection database and begin checking your Mac for malware.
Wait for the Scan to Finish
Malwarebytes will scan your Mac for adware, browser hijackers, and other malicious programs. This can take a few minutes, so feel free to do something else — just check back occasionally to see the progress.
Quarantine the Detected Threats
When the scan is done, you’ll see a list of everything Malwarebytes found. Click the “Quarantine” button to remove all the threats at once.
Restart Your Mac
Malwarebytes will now remove all the malicious files it found. Some threats can only be fully removed after a reboot — if Malwarebytes asks you to restart, allow it. Once you’re logged back in, your Mac is clean.
Once the scan is done, remove every threat it detected. Your Mac is now free of adware, rogue browser extensions, and other potentially harmful software.
If your current antivirus allowed a malicious program on your computer, you might want to consider purchasing the full-featured version of Malwarebytes Anti-Malware to protect against these types of threats in the future. If you are still experiencing problems while trying to remove a malicious program from your computer, please ask for help in our Mac Malware Removal Help & Support forum.
Run a Malware Scan with Malwarebytes for Android
Malwarebytes for Android automatically detects and removes dangerous threats like malware and ransomware so you don’t have to worry about your most-used device being compromised. Aggressive detection of adware and potentially unwanted programs keeps your Android phone or tablet running smooth.
Download Malwarebytes for Android.
You can download Malwarebytes for Android by clicking the link below.
In the Google Play Store, tap “Install” to install Malwarebytes for Android on your device.
When the installation process has finished, tap “Open” to begin using Malwarebytes for Android. You can also open Malwarebytes by tapping on its icon in your phone menu or home screen.
Follow the on-screen prompts to complete the setup process
When Malwarebytes will open, you will see the Malwarebytes Setup Wizard which will guide you through a series of permissions and other setup options. This is the first of two screens that explain the difference between the Premium and Free versions. Swipe this screen to continue. Tap on “Got it” to proceed to the next step. Malwarebytes for Android will now ask for a set of permissions that are required to scan your device and protect it from malware. Tap on “Give permission” to continue. Tap on “Allow” to permit Malwarebytes to access the files on your phone.
Update database and run a scan with Malwarebytes for Android
You will now be prompted to update the Malwarebytes database and run a full system scan.
Click on “Update database” to update the Malwarebytes for Android definitions to the latest version, then click on “Run full scan” to perform a system scan.
Wait for the Malwarebytes scan to complete.
Malwarebytes will now start scanning your phone for adware and other malicious apps. This process can take a few minutes, so we suggest you do something else and periodically check on the status of the scan to see when it is finished.
Click on “Remove Selected”.
When the scan has been completed, you will be presented with a screen showing the malware infections that Malwarebytes for Android has detected. To remove the malicious apps that Malwarebytes has found, tap on the “Remove Selected” button.
Restart your phone.
Malwarebytes for Android will now remove all the malicious apps that it has found. To complete the malware removal process, Malwarebytes may ask you to restart your device.
After the scan, tap Remove Selected to delete all detected threats. Your Android phone is now clean — no more malicious apps, adware, or browser redirects.
If your current antivirus allowed a malicious app on your phone, you may want to consider purchasing the full-featured version of Malwarebytes to protect against these types of threats in the future. If you are still having problems with your phone after completing these instructions, then please follow one of the steps:
Restore your phone to factory settings by going to Settings > General management > Reset > Factory data reset.
Now that your device is clean, keep it that way. Most infections start with a malicious ad or a fake download button — so blocking them at the source is your best defense.
We recommend AdGuard, which blocks malicious ads, phishing pages, and dangerous redirects before they can reach you.
For additional facts about the “USPS Issues With Your Shipping Address” scam see these FAQs:
Are scammers able to spoof legitimate USPS phone numbers?
Yes, scammers use technical tricks to make scam calls appear to come from real USPS 1-800 numbers on caller IDs. Always independently look up and dial official numbers instead of calling back missed call notifications alone.
How do scammers obtain my personal contact information?
Scammers buy hacked customer databases online or acquire emails and phone numbers from shady data aggregators. They may also scrape publicly available information from websites and social media using bots. It only takes one breach for data to spread across scammer networks.
Can I determine if an email is a scam from the subject line alone?
Sometimes. Suspicious keywords like “USPS Delivery Failure”, “Authorization Required” or “Action Needed” should raise red flags. However, some scams now use innocent sounding subjects about package updates. Check the sender address for the biggest clue.
Is providing an email address or phone number to scammers risky?
Absolutely. Scammers can use email and phone numbers to then target victims across other channels and campaigns. They become malware distribution points or identifiers to access accounts once credentials are phished. Treat contact data as sensitive.
How can data entered on phishing sites be used to commit identity theft?
Scammers can use personal details like names, addresses, and birthdates paired with social security numbers to open fraudulent credit cards or bank accounts. Stolen account credentials also grant direct access to assets and sensitive information that fuels financial theft.
What should I do if a scammer calls repeatedly?
Consistently report scam call numbers to the FTC Do Not Call list, USPS postal inspectors, and your phone carrier. You can use call screening/blocking tools as well. Repeated scam calls are used to intimidate but disengaging quickly remains your best defense.
In Conclusion
This scam leverages familiarity with USPS communications and urgency surrounding package deliveries to lower defenses and steal personal data. However, being informed on common tricks these scammers use makes it much simpler to detect fraudulent notifications and websites. Verify supposed USPS alerts completely before providing information or clicking on links. Being proactive is the best way to avoid having your identity and finances compromised through this scam.
10 Rules to Avoid Online Scams
Here are 10 practical safety rules to help you avoid malware, online shopping scams, crypto scams, and other online fraud. Each tip includes a quick “if you already got hit” action.
Stop and verify before you click, log in, download, or pay.
Most scams win by creating urgency. Verify using a trusted method: type the website address yourself, use the official app, or call a known number (not the one in the message).
If you already clicked: close the page, do not enter passwords, and run a malware scan.
Keep your operating system, browser, and apps updated.
Updates patch security holes used by malware and malicious ads. Turn on automatic updates where possible.
If you saw a scary “update now” pop-up: close it and update only through your device settings or the official app store.
Use layered protection: antivirus plus an ad blocker.
Antivirus helps block malware. An ad blocker reduces scam redirects, phishing pages, and malvertising.
If your browser is acting weird: remove unknown extensions, reset the browser, then run a full scan.
Install apps, software, and extensions only from official sources.
Avoid cracked software, “keygens,” and random downloads. During installs, choose Custom/Advanced and decline bundled offers you do not recognize.
If you already installed something suspicious: uninstall it, restart, and scan again.
Treat links and attachments as untrusted by default.
Phishing often impersonates delivery services, banks, and popular brands. If it is unexpected, do not open attachments or log in through the message.
If you entered credentials: change the password immediately and enable 2FA.
Shop safely: research the store, then pay with protection.
Be cautious with brand-new stores, “closing sale” stories, and prices that make no sense. Prefer credit cards or PayPal for dispute options. Avoid wire transfers, gift cards, and crypto payments.
If you already paid: contact your card issuer or PayPal quickly to dispute the transaction.
Crypto rule: never pay a “fee” to withdraw or recover money.
Common patterns include fake profits, then “tax,” “gas,” or “verification” fees. Another is a “recovery agent” who demands upfront crypto.
If you already sent crypto: stop paying, save evidence (wallet addresses, TXIDs, chats), and report the scam to the platform used.
Secure your accounts with unique passwords and 2FA (start with email).
Use a password manager and unique passwords for every account. Enable 2FA using an authenticator app when possible.
If you suspect an account takeover: change passwords, sign out of all devices, and review recent logins and recovery settings.
Back up important files and keep one backup offline.
Backups protect you from ransomware and device failure. Keep at least one backup on an external drive that is not always connected.
If you suspect infection: do not connect backup drives until the system is clean.
If you think you are a victim: stop losses, document evidence, and escalate fast.
Move quickly. Speed matters for disputes, account recovery, and limiting damage.
Stop payments and contact: do not send more money or respond to the scammer.
Call your bank or card issuer: block transactions, replace the card if needed, and start a dispute or chargeback.
Secure your email first: change the email password, enable 2FA, and remove unfamiliar recovery options.
Secure other accounts: change passwords, enable 2FA, and log out of all sessions.
Scan your device: remove suspicious apps or extensions, then run a full malware scan.
Save evidence: screenshots, emails, order pages, tracking pages, wallet addresses, TXIDs, and chat logs.
Report it: to the payment provider, marketplace, social platform, exchange, or wallet service involved.
These rules are intentionally simple. Most online losses happen when decisions are rushed. Slow down, verify independently, and use payment methods and account controls that give you recourse.
About Stelian
Stelian leverages over a decade of cybersecurity expertise to lead malware analysis and removal, uncover scams, and educate people. His experience provides insightful analysis and valuable perspective.
