- Fake SMS alerts claim to be from legitimate courier services
- URL requests personal or financial information to arrange redelivery
- If in doubt, please visit the official website and enter your tracking number
A new survey reveals the fastest-growing type of scam you may have received this month: fake package delivery alerts sent via text message.
according to Research published by NatWest BankFake delivery alerts are the fastest-growing scam in 2024, a British bank says.
The messages are sent to your phone via text message and claim to be from a courier service. They said they tried shipping the package but it needed to be rescheduled. They then prompt the recipient to click the link.
This malicious URL leads to a legitimate-looking phishing website. It will ask for personal details and often a fee to arrange a fictitious redelivery. If users submit information here, including login credentials or credit card details, cybercriminals will be able to use it for fraudulent purposes, including purchases.
Examples we’ve seen of companies being impersonated include FedEx, DHL, and UPS. Since it’s common to receive genuine redelivery alerts via text message, it’s easy to be fooled by seemingly convincing messages. It’s also easier to fake a text message alert because it contains fewer words and doesn’t include a logo.
This plan uses strategies that most people use Phishing Scam. This message creates a sense of urgency, as most people want to respond to missed packages and schedule redelivery as quickly as possible. They may also receive and read text messages while away from home and distracted, which means they don’t pay enough attention to whether the text messages are legitimate.
This scam works especially well this time of year, when many people expect real deliveries before the holidays. The scam also relies on emotional manipulation: many packages will contain gifts for loved ones, so people will be particularly keen to ensure they arrive safely.
As a result, recipients of the newsletter can take quick action to resolve apparent issues. This may cause them to ignore inconsistencies in messages, such as missing tracking numbers.
How to stay safe
As with any text or email you receive claiming to be from a real company, the most important step is to stop and think before clicking the link. Be wary of telltale signs of phishing scams, especially any urgent requests for personal or financial information.
NatWest fraud expert Stuart Skinner advises people: “Think about it: would a real courier company ask you to click on a link and pay?”
This statement from FedEx mirrors the position of most express services: “FedEx will not request any personal information related to your account credentials or identity through unsolicited mail, email or text messages.”
Once you’ve stopped to think, consider the details in the message and ask yourself a few questions. Are you waiting for delivery? If so, which company is responsible for shipping? When you place your order, you should receive a confirmation letter which will tell you the courier service and tracking number. If these don’t match, then you’ve received a false message.
You should also look out for grammatical errors in your messages, as well as misspelled website addresses or variations of the real URL. If you’re not sure about a link, don’t click it. Instead, go directly to the official website of the courier service and enter your tracking number. This ensures you see real information about your package, including whether any action needs to be taken.
Most couriers will offer advice on how to avoid fake delivery scams. For example, DHL notes: “If you don’t know the sender and don’t expect to receive an email or text message, you may be exposed to phishing.”
The U.S. Postal Inspection Service echoed this advice: “If you suspect a text message you have received is suspicious but are waiting for a package, please do not click on any links. Instead, report it and access USPS.com from your mobile device or computer. Tracking and other resources…”
UPS has similar advice: “If you are unsure of the validity of the text, do not click or select any links or open any attachments as they may contain viruses.”