Don’t Fall for the Viral USPS Package Tracking Text Message Scam

Have you received a text message claiming to be from USPS, stating a package intended for you is awaiting delivery but “halted” due to missing address details? Beware – it’s likely a scam designed to steal your personal information and money.

This emerging fraud exploits America’s reliance on USPS for delivering mail and packages. Scammers impersonate USPS to trick unsuspecting recipients into clicking links to fake websites disseminating malware or stealing data. The convincing messages and sites dupe victims into providing sensitive information thinking they are assisting package delivery.

Read on to learn all the intricate details of how this USPS package tracking scam operates, how to identify these fraudulent texts and sites, and most importantly, how to avoid becoming yet another victim. Don’t let scammers exploit your reliance on USPS services to compromise your identity, finances or computing devices.

Overview of the USPS Package Tracking Text Scam

A new phishing scam is emerging that exploits Americans’ reliance on USPS for mail and package delivery. Scammers are sending fake text messages claiming a package requires updated address details before it can be delivered. The texts appear to come directly from USPS to trick recipients into clicking malicious links.

This increasingly common scam starts when a text like this arrives:

USPS Package Tracking: Your parcel arrived at the transit center, but delivery was halted due to incomplete address information. Click the link below to update your details so we can deliver your package:

http://www.qoeotyj.cn

Best regards,
USPS Customer Service

The link goes to a sophisticated fake website impersonating the real USPS site. If users submit their information, scammers steal it for identity theft or sell it online. Users may also be prompted to pay a small “redelivery” fee, handing cash directly to scammers.

USPS Scam 1

This scam is possible because SMS messages reach phones instantly without filters, allowing scammers to blast thousands of texts per hour from constantly changing numbers. The texts spoof the USPS brand most Americans inherently trust.

Very few recipients will scrutinize the linked sites closely enough to identify them as fraudulent. The initial text lends a false sense of security that tricks users into providing sensitive personal and financial data. This clever reuse of common phishing tactics with a parcel delivery twist demonstrates the need for vigilance.

Mass Texting Enables Large-Scale Scams

A key factor enabling this scam is the use of mass texting to send messages en masse. Software allows scammers to automate sending thousands of fraudulent USPS alerts per hour from an ever-changing array of “burner” numbers.

USPS Package Tracking Scam

Even if only 1% of recipients act, the volume still means big success for scammers. The constantly rotating numbers provide near-anonymity. Very little can be done to find the source, unlike traceable email addresses. This mass texting approach allows scammers to cast a wide net for victims.

Highly Realistic Fake Websites Fool Victims

While the fake text messages initate the scam, the fraudulent USPS websites complete the deception. Scammers design sophisticated fakes mimicking the real USPS site in remarkable detail. The look and feel dupes all but the most scrutinizing victims.

usps.delivcheck.com scam

Only close inspection reveals small mistakes, but users won’t realize they’re on a fake site after clicking the link in the initial scam text. The convincing designs install a false sense of security that tricks even web-savvy folks into entering personal and financial information.

Exploiting Trust in a Familiar Brand

This scam succeeds by exploiting the widespread trust Americans place in USPS as an iconic institution and household name responsible for delivering mail and packages coast to coast.

This inherent trust means most Americans won’t think twice about contacting USPS if an issue with a package arises. Scammers take advantage of this brand recognition and credibility to fool users into believing their communications are from USPS.

Dual Motivations: Money and Identity Theft

Scammers have dual motivations with this scam. First, they make money by collecting small “redelivery” fees, often just a dollar or two. But charging even small amounts to stolen payment cards allows scammers to profit from the scam directly.

Second, scammers want the personal information like SSN and DOB for identity theft purposes. The detailed data can be used to open fraudulent accounts or sold on the dark web for profit.

Whether by charging fees or selling stolen data, scammers have discovered the USPS brand provides the perfect lure to profit from Americans’ information. Staying aware of their techniques is key to stopping this fraud.

How the USPS Package Tracking Text Scam Works

Scammers rely on specific techniques to effectively execute this scam on unsuspecting victims:

Step 1: Scammers Send Fake USPS Texts

The first component of the scam involves an SMS text message sent to the target’s mobile phone. The text is made to look official using USPS branding and messaging familiar to most Americans:

“USPS: Your parcel arrived at the transit center, but delivery was halted due to incomplete address information. Click below to update details so we can deliver your package:”

A convincing but fraudulent URL meant to mimic a real USPS site will be included.

Step 2: Recipients Click The Link to The Fake USPS Site

If the recipient is actually awaiting a package delivery, they will be inclined click the link assuming it will resolve the delivery issue. But the site it links to simply impersonates the real USPS site while collecting personal data and malware infections from visitors.

Few victims will scrutinize the site closely enough to realize it’s fake, especially given the appearance of legitimacy lent by the official looking initial text message. This demonstrates how effective phishing scams operate.

Step 3: Users Input Personal Information on Fake Sites

After arriving at the fraudulent but convincing imposter site, users will be prompted to enter personal details such as their name, address, phone number, email address and sometimes even additional information like social security number and date of birth.

Scammers intend to use this info for identity theft or sell it on dark web marketplaces. Once provided, victims cannot undo the sharing of their sensitive data.

Step 4: Scam Sites Spread Malware to Visitors’ Devices

In addition to collecting personal information, the fake USPS sites may try to infect visitors’ phones or computers with malware. This allows the operators to steal more data, compromise accounts, or monitor future communications.

Malware payloads can be delivered through malicious links, files to download, or simply from visiting the scam site if vulnerabilities exist in the user’s browser or device OS. Victims won’t even realize their phone or PC was infected.

Step 5: Scammers Disappear with Stolen Data and Money

After users input their personal information and have their devices infected with malware, the scammers will disable the fake site and disappear. No actual package gets delivered, but scammers now have the victim’s data, potentially compromised accounts, and malware planted for future access.

By the time victims realize they’ve been duped, the scammers have changed phone numbers and concealed their tracks. The damage has been done through voluntarily providing the scammers exactly what they wanted.

Here is a section on how to identify and avoid this USPS package tracking text scam:

How to Spot This Scam

While scammers are getting increasingly sophisticated at impersonating trusted brands like USPS, there are still telltale signs you can watch for to avoid getting duped by these fraudulent package tracking texts and websites:

  1. Be suspicious of any unsolicited texts claiming to be from USPS. Legitimate tracking updates are only sent if you proactively sign up for them.
  2. Inspect links carefully before clicking. The texts will include links to convincing fake sites. Watch for odd spellings or domains.
  3. Compare logos and branding. Imposter sites won’t perfectly match colors, addresses and other USPS details. Cross-check anything suspicious.
  4. Watch for urgent calls to action about “incomplete address” or other delivery issues. USPS provides time to fix legitimate problems.
  5. Verify text legitimacy directly with USPS. Contact customer service at 1-800-ASK-USPS to confirm any suspicious messages before acting.
  6. Check site security. Official USPS pages should have “https” URLs and the lock icon. Insecure sites are a huge red flag.

Your best protection is refusing to click links or provide any personal or payment information in response to an unverified text, even if supposedly from USPS. Contact USPS to validate the message first. Staying vigilant guards against parcel tracking scammers trying to profit off Americans’ data.

What To Do If You Are a Victim of the USPS Package Tracking Scam

If you receive one of these phony USPS texts and fall victim by clicking the link or providing information, take these steps immediately to mitigate damage:

1. Contact USPS

Alert USPS customer service that you received a fraudulent text and compromised your data. USPS may be able to provide guidance, block abuse of your info, or help expose the scam sites.

2. Run a Malware Scan

If you visited one of the scam websites, scan your device with updated antivirus software to detect and remove any malware or spyware that may have been installed without your knowledge.

3. Monitor Accounts Closely

Carefully check bank and credit card statements over the coming weeks and dispute any unauthorized charges. Scammers like to work quickly once they have payment info.

4. Reset Passwords

For any existing online accounts associated with the compromised email address or other details, change passwords immediately. Enable two-factor authentication where possible for an extra layer of security.

5. Place Fraud Alert

Contact credit bureaus to place a fraud alert on your name and personal information until the matter is resolved. This alerts lenders to be extra diligent with new lines of credit.

6. File Police Reports

Report the scam to the FTC and your local law enforcement. Provide all available details on the scam phone numbers, websites and other specifics. This helps authorities track and prosecute phishing crimes.

7. Monitor Credit Reports

Order credit reports from Equifax, Experian and TransUnion. Review them for any signs of new fraudulent accounts opened in your name and dispute them immediately. Consider enrolling in credit monitoring to be alerted of new activity.

By acting quickly and cautiously, victims can restrict some damage inflicted by package tracking scammers. But far better protection comes from recognizing their deceitful techniques and never letting your guard down against online criminals masquerading as trusted entities like USPS.

Frequently Asked Questions About the USPS Package Tracking Text Scam

1. What exactly is the USPS package tracking text scam?

This scam involves sending fake text messages claiming to be from USPS and stating a package intended for you has arrived but the address is incomplete. The message provides a link to enter your info so USPS can deliver the package. However, it actually leads to a fake website impersonating the real USPS site in order to steal personal and financial information.

2. How are scammers able to send USPS-branded text messages?

Scammers use software tools to automate sending hundreds or thousands of SMS messages per hour. The texts come from constantly changing phone numbers that can’t be traced back to the scammers. This allows them to blast out messages en masse while hiding their identity.

3. What do the fake USPS text messages typically say?

An example message is:

“USPS: Your package arrived but the address is smudged. Please click below to enter your address so we can deliver your package: http://usps-deliveryassist.com”

The link goes to a sophisticated fake designed to mimic the real USPS site.

4. What personal information are the scammers trying to steal?

The fake sites ask for your full name, home address, phone number, email address, and sometimes even your SSN, date of birth or driver’s license number. Scammers steal this info for identity theft or to sell on the dark web.

5. Do scammers also try to directly steal money from victims?

Yes. After collecting your personal information, the fraudulent site may also prompt you to pay a small “redelivery” fee to supposedly assist in getting your package delivered. This allows scammers to directly profit from victims.

6. How can I identify these USPS package tracking scam texts?

Be wary of any unsolicited texts claiming to be from USPS. Carefully inspect the link before clicking. USPS does not send tracking info via text. Verify a text’s legitimacy by calling USPS customer service at 1-800-ASK-USPS.

7. What should I do if I entered info or paid a fee on a fraudulent site?

Immediately contact USPS to notify them and monitor your accounts for fraudulent charges. Reset any passwords for the compromised accounts. Place fraud alerts with credit bureaus and file police reports to assist investigations.

8. How can I learn more about current text message scams?

Check the FTC consumer alerts page and sign up for scam alert emails. Search online for news articles related to the latest text and phone scams reported. Follow the USPS social media pages for updates on reported scams imitating their brand.

9. Where can I report USPS package tracking scams?

You can report these scams to the USPS Postal Inspectors office and your local police department. File an online complaint with the FTC. Provide all available details to assist authorities.

10. How can I avoid becoming a victim of the USPS package tracking text scam?

Never click links or provide personal/payment information via an unsolicited text, even if claiming to be USPS. Contact USPS directly to confirm legitimacy. Install anti-malware software. Carefully inspect sites before inputting data. Stay vigilant!

The Bottom Line

This USPS package tracking text scam proves that iconic American brands carry no immunity against impersonation by unethical fraudsters. By hijacking the ubiquitous postal service, cunning scammers exploit citizens’ inherent trust in government institutions to compromise identities and swipe cash. Don’t become another statistic. Verify any supposed USPS alerts directly with the source before clicking links or providing data. Staying skeptical protects against criminals creatively profiting off Americans’ reliance on postal delivery. At the end of the day, vigilance is our first and best line of defense against increasingly crafty phishing scams playing off familiar names like USPS.

How to Stay Safe Online

Here are 10 basic security tips to help you avoid malware and protect your device:

  1. Use a good antivirus and keep it up-to-date.

    Shield Guide

    It's essential to use a good quality antivirus and keep it up-to-date to stay ahead of the latest cyber threats. We are huge fans of Malwarebytes Premium and use it on all of our devices, including Windows and Mac computers as well as our mobile devices. Malwarebytes sits beside your traditional antivirus, filling in any gaps in its defenses, and providing extra protection against sneakier security threats.

  2. Keep software and operating systems up-to-date.

    updates-guide

    Keep your operating system and apps up to date. Whenever an update is released for your device, download and install it right away. These updates often include security fixes, vulnerability patches, and other necessary maintenance.

  3. Be careful when installing programs and apps.

    install guide

    Pay close attention to installation screens and license agreements when installing software. Custom or advanced installation options will often disclose any third-party software that is also being installed. Take great care in every stage of the process and make sure you know what it is you're agreeing to before you click "Next."

  4. Install an ad blocker.

    Ad Blocker

    Use a browser-based content blocker, like AdGuard. Content blockers help stop malicious ads, Trojans, phishing, and other undesirable content that an antivirus product alone may not stop.

  5. Be careful what you download.

    Trojan Horse

    A top goal of cybercriminals is to trick you into downloading malware—programs or apps that carry malware or try to steal information. This malware can be disguised as an app: anything from a popular game to something that checks traffic or the weather.

  6. Be alert for people trying to trick you.

    warning sign

    Whether it's your email, phone, messenger, or other applications, always be alert and on guard for someone trying to trick you into clicking on links or replying to messages. Remember that it's easy to spoof phone numbers, so a familiar name or number doesn't make messages more trustworthy.

  7. Back up your data.

    backup sign

    Back up your data frequently and check that your backup data can be restored. You can do this manually on an external HDD/USB stick, or automatically using backup software. This is also the best way to counter ransomware. Never connect the backup drive to a computer if you suspect that the computer is infected with malware.

  8. Choose strong passwords.

    lock sign

    Use strong and unique passwords for each of your accounts. Avoid using personal information or easily guessable words in your passwords. Enable two-factor authentication (2FA) on your accounts whenever possible.

  9. Be careful where you click.

    cursor sign

    Be cautious when clicking on links or downloading attachments from unknown sources. These could potentially contain malware or phishing scams.

  10. Don't use pirated software.

    Shady Guide

    Avoid using Peer-to-Peer (P2P) file-sharing programs, keygens, cracks, and other pirated software that can often compromise your data, privacy, or both.

To avoid potential dangers on the internet, it's important to follow these 10 basic safety rules. By doing so, you can protect yourself from many of the unpleasant surprises that can arise when using the web.