Have you ever received a text or email from USPS or FedEx about a delay in delivering your package? If you didn’t order anything, these scam messages are easy to ignore. But non-delivery package scams can be very lucrative this time of the year with most of us shopping online.
“It’s that time of the year — mistletoe, Christmas trees and scammers hammering consumers with fake texts about your package delivery from USPS, FedEx or other services,” said Richard Bird, chief security officer at API security firm Traceable AI.
According to a new CNET survey, 66% of US adults are scared of falling for a scam this holiday season, with non-delivery package scams at the top of the list. Scammers exploit a spike in online shopping activity by sending texts with fake links in hopes of stealing your personal or financial information. These texts may even look legitimate, but there are ways to avoid falling for them.
How do non-delivery package scams work?
A non-delivery package scam is a text or email sent by a cybercriminal hoping to trick you into sharing personal or financial data. These texts, which can look like delivery tracking notifications, often indicate that something is wrong with your package. They may ask you to click a link to verify your shipment or fix payment details.
The danger of non-delivery package scams is that anyone can fall for them — especially during busy seasons of online shopping like the holidays
Like other scams, cybercriminals want to trick victims of non-delivery package swindles into acting without thinking.
“These scams usually create a sense of urgency,” said Brian Cute, COO of the Global Cyber Alliance. “Their aim is to trick people into clicking on malicious links or sharing personal data.”
If you receive one of these messages and mistakenly click the link, you’ll be redirected to a site mimicking USPS, FedEx or another courier. Opening the link can also lead to malware being downloaded onto your personal device.
Why am I being targeted in these scams?
If you’ve received these messages, or any other correspondence that look like scams, your personal identifiable data may have been compromised in a data breach and leaked on the dark web. Scammers use this personal data to craft personalized messages tailored to you or just send more out in hopes of a higher success rate.
“Unfortunately, the information scammers use has been collected from dozens, if not hundreds, of hacks of your personal data,” Bird said.
Two of the largest data breaches this year involved background check company National Public Data and medical software provider Change Healthcare. Hundreds of millions of people were impacted by these breaches.
As the adoption of artificial intelligence becomes more widespread, cybercriminals are also using the technology to streamline communication, according to Jeff Scheidel, COO at authID.ai, a biometric authentication software company.
“AI has allowed scammers to produce more authentic-looking messages, making it harder for consumers to spot red flags,” he said. “Many messages prompt immediate action to create a sense of panic.”
How can you avoid package scams?
Look for typos in both the message and provided URL of a message. Poor grammar and generic greetings like “Dear Customer” are other signs the message you’ve received may be a scam.
You should also do the following before reacting to the message:
- Ask yourself did I sign up for tracking notifications? If not, “be wary of texts or emails claiming to be from a delivery service,” Cute said.
- Verify links and information directly with companies. Instead of clicking provided links, visit the delivery service’s official website to track your package or contact the retailer.
- Look for red flags. Be suspicious of any payment requests or a sense of urgency to fix an issue.
What to do if you fall for a package scam
If you think you might have been duped by a non-delivery package scam, take these steps to try to limit the fallout:
Contact your bank or credit card company
You should report fraud to your bank or credit card issuer after falling for any scam. In the case of package scams, your financial institution may not be able to get back your funds, but it will help protect your account.
Report the incident
There are a number of agencies you can report these scams to.
- Forward suspicious text messages to the FCC at 7726 (SPAM).
- Contact the FTC and FBI’s Internet Crime Complaint Center to inform them of your case.
- You can additionally report scam messages to the United States Postal Inspection Service at spam@uspis.gov or report it via their website. Similarly, send scam emails impersonating FedEx to abuse@fedex.com. To report scams to UPS, click here.
Consider freezing your credit
Depending on the level of sensitive information you provided during the scam, you may opt to freeze your credit reports so that no one can open a new line of credit in your name.
Also, keep an eye out for any unusual activity on your bank statements in the weeks and months following a scam.
Sign up for identity theft protection
Finally, consider signing up for identity theft protection. These services can help monitor your personal information on the dark web and alert you if something is awry so that you can take necessary steps. Individual plans start at about $7 to $15 per month. ID theft protection services normally come with cybersecurity tools like password managers and antivirus protection and identity theft insurance.
More advice on protecting your identity
