Beware the USPS “Item Has Arrived At The Distribution Center” Scam

Photo of author

Written by: Thomas Orsolya

Published on:

If you recently received a text claiming an item arrived at a USPS distribution center but can’t be delivered due to an incomplete address, be warned. This is actually a sneaky new phishing scam aiming to steal your personal information and credit card data.

This scam starts with a text message that instills urgency in the recipient to click a link and supposedly update their address. But the link directs to a fraudulent website impersonating USPS to harvest your sensitive details. Armed with this data, scammers can hijack your identity and finances.

By understanding how this scam ensnares victims, you can identify the deception and protect your personal information. Don’t let anxiety over a halted shipment cloud your judgment. This comprehensive guide will provide the knowledge needed to defeat this scam.

USPS Scam 1
USPS Scam 2 2
USPS Scam 1

An In-Depth Overview of the Alarming USPS “Item Has Arrived At The Distribution Center” Text Message Scam

This troubling scam starts when a text message states an item arrived at a USPS distribution center but cannot be delivered due to an incomplete address. The message claims to be from USPS and provides a link to update your address and reschedule delivery.

But the link directs victims to an elaborate fake version of the USPS website, asking users to enter personal information and even credit card details, which are promptly stolen by scammers.

For example, the deceptive text may state:

“USPS ALERT: Your item has arrived at the distribution center and cannot be delivered due to an incomplete address. Please click the link to update: [Link to scam website]”

This text is crafted to panic recipients who are waiting for package deliveries into urgently clicking the link to resolve the address issue. The scam site looks identical to the real USPS site, with the same colors, branded headers, navigation, and images. But it is a fraudulent site impersonating USPS with a slight difference in the domain name.

Once victims arrive at the fake site, it displays tracking details for a non-existent package and claims the address is incomplete, preventing final delivery. The site prompts users to enter their name, phone number, home address, and email address to “correct” the delivery issue. If victims provide this personal data, the scammers capture it instantly.

The deception then deepens as the site requests a credit card number to pay a small $1 “redelivery” fee. If users also enter their card details including number, expiration date, and CVV code, the scam reaches completion. Scammers immediately gain access to steal funds or sell your credit card number on the black market.

With your personal information and credit card data, scammers can now commit various forms of identity theft and financial fraud, including:

  • Opening fraudulent credit cards and bank accounts in your name
  • Taking out loans or lines of credit and draining funds
  • Accessing your bank account directly to steal money
  • Selling your credit card data on the dark web to other criminals
  • Making unauthorized purchases online or in stores with your card
  • Signing you up for costly monthly recurring subscription plans
  • Filing fake tax returns with your information to collect refunds
  • Hacking into your email, social media, and other online accounts
  • Commiting medical identity theft with your personal information
  • Damaging your credit score and history with their actions

The damage caused by this scam can be extensive if scammers gain enough of your personal details to fully commit identity theft. They can open accounts, get state IDs, file tax returns, access credit cards, and destroy your finances and reputation before you ever find out.

And victims often don’t detect the initial security breach, until the first signs of identity theft surface. The small $1 “redelivery fee” charge can seem innocuous at first and may go unnoticed.

With the ubiquity of package deliveries currently, this scam has perfected the ability to ensnare countless victims by preying on anxieties around an undelivered item. The detailed tracking information and mirrored USPS website give the scam an air of legitimacy that tricks many recipients.

Losses to these types of USPS and delivery phishing scams amounted to nearly $100 million in 2021 alone. But awareness of the scam tactics is the key to recognizing the deception before falling into the trap. Consumers must be vigilant about verifying the URL, text sender, legitimacy of sites, and resisting the urge to panic click on links regarding packages.

With the surge in ecommerce and deliveries, tactics like this scam are likely to persist and evolve. But an informed populace can protect themselves by learning to identify the warning signs of delivery scams before turning over valuable personal data. Don’t let a fake text lure you into gifting the keys of your identity and finances to faceless scammers.

How the USPS “Item Has Arrived At The Distribution Center” Scam Works

Here is the detailed anatomy of how this USPS scam successfully ensnares victims:

1. Recipients Get Deceptive Text

The scam begins by text blasts to mobile devices stating a USPS “Item Has Arrived At The Distribution Center” but cannot be delivered due to an incomplete address. It provides a link, claiming it will allow you to update your address and reschedule delivery. But this link goes to a fraudulent site.

2. Victims Redirected to Fake USPS Site

If recipients click the embedded link, they are directed to a sophisticated fake USPS website mirroring the real USPS site in design. The scam site displays tracking details for a non-existent package and claims address info must be updated before delivery can occur, playing into user anxiety over stalled packages.

3. Fake Site Requests Personal and Credit Card Information

This counterfeit site prompts users to enter their full name, phone number, home address and email to “correct” the address issue preventing delivery. If victims submit this personal info, the scammers immediately steal it.

The deception deepens as the fake site then requests credit card details to pay a small $1 “redelivery” fee. If users provide this financial information, the scam reaches its completion.

4. Scammers Steal Entered Personal and Credit Card Data

At this point, scammers have captured victims’ personal information and credit card number, security code and expiration date if entered. They promptly sell this data on the black market to be used in identity theft schemes.

And if credit card details were provided, scammers will make fraudulent purchases online or sign victims up for unwanted recurring subscription plans that are difficult to cancel. This small $1 charge often goes unnoticed initially.

5. Stolen Information is Leveraged for Ongoing Fraud

With the acquired personal and financial data, the scammers can now commit various forms of identity theft and fraud, including:

  • Selling credit card info on the dark web
  • Making unauthorized purchases with stolen card numbers
  • Opening fake accounts and taking out loans with victims’ information
  • Signing up victims for monthly recurring subscriptions
  • Filing fraudulent tax returns and collecting refunds
  • Hacking into bank accounts or investment accounts

The damage can be severe if scammers gain access to enough of your personal data. Staying vigilant is key.

What To Do If You Shared Information with the Fake USPS Site

If you suspect you entered any personal details or credit card information into the phony USPS website, here are the immediate steps to take:

  • Contact your credit card company and bank to check for unauthorized charges. Cancel your current card and request a new one.
  • Monitor your financial accounts frequently for fraudulent activity, both large and small charges. Scammers often make small test charges first that can seem innocuous.
  • Place a 90-day fraud alert on your credit reports and review your reports carefully from Equifax, Experian and TransUnion. Look for any accounts you don’t recognize.
  • Reset passwords on all financial accounts and change security question answers. Avoid reusing the same credentials across multiple accounts.
  • Consider signing up for identity theft monitoring services to be alerted of suspicious credit inquiries or accounts opened in your name.
  • File a report with the FTC, FBI, FCC and USPS providing details about the scam text, website, and losses. This can help stop the scam.

Acting quickly is crucial if your data was compromised. Catching and freezing any unauthorized activity early is key to limiting the extent of damage.

Red Flags: How to Detect the USPS “Item Has Arrived At The Distribution Center” Scam

Stay vigilant against this scam by watching for these common traits of the fraudulent USPS text messages and websites:

Deceptive Text Message Red Flags

  • Message originates from unknown number, not USPS’s verified short code.
  • Contains grammatical errors uncharacteristic of USPS.
  • Requests personal details or payment over text.
  • Includes suspicious link to a non-USPS affiliated domain.
  • Uses threats or urgency to pressure action.

Fake USPS Website Warning Signs

  • URL looks official but site redirects to an obscure domain.
  • Low resolution graphics, logos and images.
  • Lack of “https” secure site designation in URL.
  • Requests for sensitive data like SSN, bank account numbers.
  • Credit card portal doesn’t have standard security measures.

Go slowly and verify site legitimacy before providing personal data.

Frequently Asked Questions About the USPS Item Arrived Scam

This FAQ provides crucial facts and guidance regarding the deceptive USPS “item arrived” text message scam.

1. How can I identify the USPS item arrived scam text?

Watch for these common traits:

  • Claims an item arrived but delivery address is incomplete
  • Says to click a link to update your address and schedule delivery
  • Appears urgent, pressuring immediate action
  • Originates from an unfamiliar number, not USPS’s verified SMS code
  • Contains typos, grammatical errors or odd phrasing
  • Asks for personal details or payment over text
  • Includes a suspicious shortened URL

Verify the sender before clicking links in texts regarding package deliveries.

2. Where does the link in the scam text redirect users?

The link directs to a sophisticated fake copy of the real USPS website. This fraudulent site requests your personal and financial data by posing as a real USPS page where you manage delivery issues.

3. What are the red flags of the counterfeit USPS site?

Warning signs include:

  • URL looks official but site has slightly different domain
  • Missing verified HTTPS secure site seal
  • Low resolution graphics and images
  • Requests for sensitive info like SSN and bank accounts
  • Credit card page lacks standard security features

Access USPS.com directly, not via text links.

4. What do scammers do with my data from the fake site?

Scammers use your details for various criminal schemes:

  • Selling your credit card number on the dark web
  • Making unauthorized purchases with your credit card
  • Opening fake accounts and taking out loans in your name
  • Signing you up for recurring monthly billing subscriptions
  • Filing fraudulent tax returns to steal refunds
  • Draining your financial accounts

5. What should I do if I entered info on the phony site?

If you shared any data, take these steps right away:

  • Contact banks and card companies to halt charges
  • Monitor accounts closely for fraudulent activity
  • Place fraud alert and check credit reports
  • Change account passwords and security questions
  • Sign up for credit monitoring services
  • Report the scam to USPS, FBI, FTC, and FCC

6. How can I avoid this item arrived text scam?

Protect yourself using these tips:

  • Don’t click links in texts from unknown numbers
  • Verify the USPS SMS short code before responding
  • Go directly to USPS.com, not via texts
  • Analyze sites carefully before entering information
  • Never provide personal or financial data from out of the blue texts

Staying vigilant against phishing and verifying sites can help you steer clear of this scam.

The Bottom Line

This USPS “Item Has Arrived At The Distribution Center” text scam offers a sobering case study in how convincing modern phishing ploys have become. By mirroring trusted brands like USPS and stoking anxieties about stalled packages, scammers can convincingly portray fake scenarios that lure in targets.

But savvy citizens can outwit these frauds by being aware of their techniques, verifying senders, assessing URLs closely, and never letting urgency override caution with links or sensitive data. Remember, anytime someone requests your personal or financial information unexpectedly, it merits extra scrutiny.

While this scam may seem sophisticated, a bit of digital literacy, healthy skepticism, and trust in your own judgment can go a long way. Don’t become another statistic. Stay vigilant and protect your hard-earned personal data.

How to Stay Safe Online

Here are 10 basic security tips to help you avoid malware and protect your device:

  1. Use a good antivirus and keep it up-to-date.

    Shield Guide

    It's essential to use a good quality antivirus and keep it up-to-date to stay ahead of the latest cyber threats. We are huge fans of Malwarebytes Premium and use it on all of our devices, including Windows and Mac computers as well as our mobile devices. Malwarebytes sits beside your traditional antivirus, filling in any gaps in its defenses, and providing extra protection against sneakier security threats.

  2. Keep software and operating systems up-to-date.

    updates-guide

    Keep your operating system and apps up to date. Whenever an update is released for your device, download and install it right away. These updates often include security fixes, vulnerability patches, and other necessary maintenance.

  3. Be careful when installing programs and apps.

    install guide

    Pay close attention to installation screens and license agreements when installing software. Custom or advanced installation options will often disclose any third-party software that is also being installed. Take great care in every stage of the process and make sure you know what it is you're agreeing to before you click "Next."

  4. Install an ad blocker.

    Ad Blocker

    Use a browser-based content blocker, like AdGuard. Content blockers help stop malicious ads, Trojans, phishing, and other undesirable content that an antivirus product alone may not stop.

  5. Be careful what you download.

    Trojan Horse

    A top goal of cybercriminals is to trick you into downloading malware—programs or apps that carry malware or try to steal information. This malware can be disguised as an app: anything from a popular game to something that checks traffic or the weather.

  6. Be alert for people trying to trick you.

    warning sign

    Whether it's your email, phone, messenger, or other applications, always be alert and on guard for someone trying to trick you into clicking on links or replying to messages. Remember that it's easy to spoof phone numbers, so a familiar name or number doesn't make messages more trustworthy.

  7. Back up your data.

    backup sign

    Back up your data frequently and check that your backup data can be restored. You can do this manually on an external HDD/USB stick, or automatically using backup software. This is also the best way to counter ransomware. Never connect the backup drive to a computer if you suspect that the computer is infected with malware.

  8. Choose strong passwords.

    lock sign

    Use strong and unique passwords for each of your accounts. Avoid using personal information or easily guessable words in your passwords. Enable two-factor authentication (2FA) on your accounts whenever possible.

  9. Be careful where you click.

    cursor sign

    Be cautious when clicking on links or downloading attachments from unknown sources. These could potentially contain malware or phishing scams.

  10. Don't use pirated software.

    Shady Guide

    Avoid using Peer-to-Peer (P2P) file-sharing programs, keygens, cracks, and other pirated software that can often compromise your data, privacy, or both.

To avoid potential dangers on the internet, it's important to follow these 10 basic safety rules. By doing so, you can protect yourself from many of the unpleasant surprises that can arise when using the web.

Leave a Comment

Previous

Don’t Get Fooled by Uvines – Read Our Crypto Scam Findings

Next

Ariatus.top Scam Store: What You Need To Know