Beware Of The USPS Your Delivery Has Been Detained Scam

Photo of author

Written by: Thomas Orsolya

Published on:

The United States Postal Service (USPS) is a trusted government agency that millions rely on for sending and receiving mail. However, scammers are taking advantage of USPS’ ubiquity by impersonating them in phishing emails about a delayed package delivery. This “USPS Your Delivery Has Been Detained” email scam aims to trick anxious recipients into paying fake fees or downloading malware.

In this comprehensive guide, we’ll break down how the USPS delivery detained scam operates, what techniques scammers use, tips to avoid falling victim, and steps to take if you fell for the phishing attempt. With awareness of the common red flags, consumers can protect themselves from this deceitful scam.

USUS Delivery Has Been Detained Scam

Scam Overview

The USPS Your Delivery Has Been Detained scam works by sending authentic-looking but fraudulent emails claiming that a package delivery addressed to the recipient has been halted at a USPS facility. These emails mimic legitimate USPS update emails both in structure and content.

The messages state various reasons for the package being stuck, like insufficient postage paid, customs fees due, prohibited item found, or missing paperwork. An unpaid delivery fee or customs charge of around $5 to $10 is often cited.

The email includes a link, PDF attachment, or instructions to go to a provided USPS website in order resolve the problem so delivery can proceed. However, these links and sites are fake phishing traps set by scammers to steal data or infect devices.

These digital ambushes leverage the anxious mindset people often enter when anticipating the arrival of a package. Scammers bank on the notion that a concerned recipient will act hastily to get their package moving again by paying the small fee or following the resolution steps without scrutinizing the legitimacy of the information.

The ubiquity of USPS as the default postal service also lends credibility, since they deliver millions of parcels daily. However, official USPS policy is to deliver all mail to the recipient regardless of fees – they do not detain or hold packages unless required by court order. But scammers exploit the fact that many recipients are unaware of these policies.

By instilling fear that a wanted package is being intentionally withheld over a small, fixable issue like an unpaid fee, scammers increase the likelihood victims will let their guard down and take action. The result is unsuspecting people getting tricked into visiting malicious sites, entering sensitive personal and financial data, or downloading malware onto their devices.

How the Scam Works

Scammers execute the USPS package detained phishing scam through deceptive emails and fake websites impersonating the look, messaging, and branding of official USPS communications and sites. Here are some of the common ways the scam unfolds:

Deceptive Emails

The scam usually starts with an email sent to the target recipient:

  • The sender email address is spoofed to appear as usps.com, uspsdelivers.com, or other USPS domains, though it actually originates from the scammer.
  • Subject lines state things like “USPS Delivery Failed,” “USPS: Action Required,” “USPS Delivery Issue,” or “Your USPS package is on hold.”
  • The email body explains that your package has encountered an issue during processing or delivery that needs resolution for it to be delivered.
  • Common reasons given are insufficient postage, customs duties unpaid, prohibited item found, missing shipping information, or general delivery failure.
  • An unpaid fee or customs charge of around $5 to $10 is typically cited, with a link provided to pay it so delivery can proceed.
  • The message contains urgency and threats of returned to sender or confiscated items if the issue isn’t resolved quickly.
  • Official USPS branding, colors, fonts, templates, and messaging are used to appear legitimate.

Malicious Links

The emails include links scammers hope victims will instinctively click on:

  • Links in the email or PDF attachment claim to let you pay the shipping fee or delivery charge so your package gets moving again.
  • In reality, the links lead to phishing sites impersonating USPS that ask for personal and payment info to steal, or have malicious software to download.
  • Links may direct to realistic-looking but fake USPS payment portal sites to enter credit card data, which scammers harvest.
  • Other links install malware directly onto your device through drive-by downloads without any action needed.

Malware Downloads

Many versions also incorporate malware attachments in the scam email:

  • Instead of links, some emails attach a fake USPS form, invoice, or notice that needs to be printed and paid at a Post Office location.
  • The attachment is typically a compressed ZIP file or PDF that victims are instructed to open and print.
  • Hidden inside the attachments are malware executable files that install on computers when opened.
  • The malware gives scammers remote access to your system and compromised data.

Fake Websites

Whether via embedded links or attached files, the goal is to get victims to a fraudulent USPS-themed website:

  • Scammers either direct victims to mock USPS sites they’ve created, or victims land there by clicking links or installing malware.
  • The sites impersonate actual USPS webpages and domain names to appear legit.
  • Victims are prompted to enter personal data and credit card information to pay the fake delivery fee or customs charge.
  • Any data entered is harvested by the criminals running the fake site to commit identity theft or make unauthorized transactions.
  • The sites also contain additional malware to infect visitor’s devices.

What to Watch Out For

There are a few common indicators to help identify this scam:

  • You’re not actually expecting a package delivery. Scammers cast a wide net.
  • The sender email address looks suspicious or doesn’t match a real USPS domain.
  • Names, addresses, or other details don’t match your real USPS data.
  • Poor spelling, grammar, or obviously formulaic language signals a scammer.
  • Threats to confiscate your package over a small unpaid fee seem questionable.
  • Links take you to odd URLs rather than official USPS sites.
  • Attachments are common virus carriers and not normally how USPS communicates.
  • Requests for personal information or credit card numbers via email are always suspicious.

What to Do if You Get the Scam Email

If you receive a suspicious email about an outstanding USPS delivery fee or package detention, take the following actions:

  • Avoid clicking: Do not click any links or download attachments in scam emails, as they will very likely harm your device. Delete the message immediately.
  • Check delivery details: If you are expecting a package, log into your official USPS account or contact USPS customer service to confirm status.
  • Look up official contact info: Find legitimate USPS phone numbers and site addresses, not those provided in suspected scam emails.
  • Watch for fraud: Monitor financial statements and accounts closely in the following weeks for signs of misuse of your data or unauthorized charges.
  • Scan your device: Install comprehensive security software and run scans to uncover any malware that may have reached your system already. Remove anything harmful found.
  • Change passwords: If you did provide data or click links in the scam, change passwords on any potentially compromised accounts. Enable two-factor authentication where possible.
  • Submit the email: Forward scam emails to USPS email address uspis.gov or report it through the USPS Postal Inspectors complaint form to aid investigation.

What to Do if You Paid the Fake USPS Fee

If you unfortunately fell for the phishing scam and paid the fraudulent USPS fee, take these steps to mitigate damages:

Contact your bank

If you paid by debit or credit card, contact your bank or card issuer immediately:

  • Inform them you paid a fake fee online and believe your card is compromised. Request reversal of the charge if possible.
  • Ask to receive a new card number to prevent additional fraudulent charges.
  • Monitor statements closely for further unauthorized charges by scammers.

Run security checks

Thoroughly scan all involved devices for viruses, malware, or other threats downloaded:

  • Download and run full system scans using comprehensive security software to uncover and remove any infections or suspicious programs.
  • If your system was compromised, reset all account passwords from a different safe device once yours is cleaned up.

Submit complaints

File reports about the scam with relevant agencies so they can investigate further:

  • Submit details via the FTC complaint assistant form regarding fraud.
  • Report online to the FBI’s Internet Crime Complaint Center.
  • Contact your local USPS postal inspector’s office in person or through their complaint form.
  • Warn others about current USPS phishing scams by reporting on sites like Fraud.org or BBB.org/scamtracker.

Monitor accounts

Check all your financial accounts regularly for misuse of your information stolen via the scam:

  • Look for further unauthorized charges or password reset notices.
  • Alert respective institutions of suspected fraud.
  • Consider enrolling in credit monitoring to detect any suspicious accounts opened in your name.

Staying alert following a scam attempt can help contain the damage and ensure you don’t become a victim of further fraud.

Frequently Asked Questions about the USPS Delivery Detained Scam

What is the USPS delivery detained email scam?

This is a phishing scam where scammers send fake emails pretending to be from USPS claiming your package is detained until you pay an outstanding fee or customs charge. The goal is to trick you into clicking links or opening attachments containing malware.

How do I recognize this USPS scam email?

Watch for emails about seized packages with links to pay unlocked fees, urgent threats about non-delivery, incorrect recipient details, grammar issues, and suspicious sender addresses not matching official USPS domains.

I got an email that my USPS package is detained. Is it real?

Very unlikely. USPS does not actually contact customers about detained packages or unlock fees. Do not click links or attachments within the email, and report it as phishing to USPS.

What should I do if I get the scam email?

Do not click any links or download attachments, which may contain malware. Forward the email to uspis.gov to report it. Delete the fake message. If you’re expecting a package, proactively contact USPS to confirm status.

Is it safe to pay the fee in the email to release my package?

No, the fee will be fraudulent. No payment details should be entered on any website linked in a suspicious email. Payments can only be safely made via official USPS channels.

What happens if I clicked the link or attachment in the scam email?

You may have picked up computer viruses, ransomware, or given the scammers access to your data. Run virus scans to check for malware, change account passwords, and monitor closely for fraud.

How can I avoid falling for this USPS delivery scam?

Use security software to block malicious sites and attachments. Don’t open emails from unknown senders. Verify any delivery irregularities directly with USPS. Never pay fees via unsolicited emails.

Who is responsible for this scam?

Cybercriminals running phishing schemes to steal money and information are impersonating USPS to trick customers expecting packages into clicking malicious links by pretending their delivery is detained.

How can I report the USPS delivery detained scam email?

Forward the scam email to uspis.gov. You can also report it directly to USPS Postal Inspectors through their online complaint form to aid investigation.

Conclusion

The USPS Your Delivery Has Been Detained scam preys on people’s anxiety about missing an anticipated package. By disguising phishing attempts as legitimate postal service notices, scammers play on recipients’ fear of non-delivery to convince them to pay dubious fees or unknowingly download malware. However, understanding common techniques used in this scam makes it easier to recognize fraudulent USPS emails and websites. Exercising caution when contacted about package issues, avoiding opening attachments, and proactively confirming any irregularities directly with USPS can keep you from being tricked. Staying informed is key to outsmarting fraudsters seeking to capitalize on delivery-related phishing opportunities.

How to Stay Safe Online

Here are 10 basic security tips to help you avoid malware and protect your device:

  1. Use a good antivirus and keep it up-to-date.

    Shield Guide

    It's essential to use a good quality antivirus and keep it up-to-date to stay ahead of the latest cyber threats. We are huge fans of Malwarebytes Premium and use it on all of our devices, including Windows and Mac computers as well as our mobile devices. Malwarebytes sits beside your traditional antivirus, filling in any gaps in its defenses, and providing extra protection against sneakier security threats.

  2. Keep software and operating systems up-to-date.

    updates-guide

    Keep your operating system and apps up to date. Whenever an update is released for your device, download and install it right away. These updates often include security fixes, vulnerability patches, and other necessary maintenance.

  3. Be careful when installing programs and apps.

    install guide

    Pay close attention to installation screens and license agreements when installing software. Custom or advanced installation options will often disclose any third-party software that is also being installed. Take great care in every stage of the process and make sure you know what it is you're agreeing to before you click "Next."

  4. Install an ad blocker.

    Ad Blocker

    Use a browser-based content blocker, like AdGuard. Content blockers help stop malicious ads, Trojans, phishing, and other undesirable content that an antivirus product alone may not stop.

  5. Be careful what you download.

    Trojan Horse

    A top goal of cybercriminals is to trick you into downloading malware—programs or apps that carry malware or try to steal information. This malware can be disguised as an app: anything from a popular game to something that checks traffic or the weather.

  6. Be alert for people trying to trick you.

    warning sign

    Whether it's your email, phone, messenger, or other applications, always be alert and on guard for someone trying to trick you into clicking on links or replying to messages. Remember that it's easy to spoof phone numbers, so a familiar name or number doesn't make messages more trustworthy.

  7. Back up your data.

    backup sign

    Back up your data frequently and check that your backup data can be restored. You can do this manually on an external HDD/USB stick, or automatically using backup software. This is also the best way to counter ransomware. Never connect the backup drive to a computer if you suspect that the computer is infected with malware.

  8. Choose strong passwords.

    lock sign

    Use strong and unique passwords for each of your accounts. Avoid using personal information or easily guessable words in your passwords. Enable two-factor authentication (2FA) on your accounts whenever possible.

  9. Be careful where you click.

    cursor sign

    Be cautious when clicking on links or downloading attachments from unknown sources. These could potentially contain malware or phishing scams.

  10. Don't use pirated software.

    Shady Guide

    Avoid using Peer-to-Peer (P2P) file-sharing programs, keygens, cracks, and other pirated software that can often compromise your data, privacy, or both.

To avoid potential dangers on the internet, it's important to follow these 10 basic safety rules. By doing so, you can protect yourself from many of the unpleasant surprises that can arise when using the web.

Previous

Beware Of The DHL You Package Has Underpaid Fee Scam

Next

Msiexec.exe Impersonation – Top Warning Signs and Removal Tips