Fake delivery notification phishing scams
Fraudulent text messages and emails impersonating postal services and courier companies, claiming a package delivery failed or requires a small fee, are a well-documented and widespread phishing technique used to steal payment details and personal information.
What we know
Delivery phishing, sometimes called 'smishing' when delivered via SMS text message, involves fraudulent messages impersonating postal services, couriers, or logistics companies such as national postal services, UPS, FedEx, DHL, or Amazon, claiming that a package could not be delivered due to an unpaid customs fee, incorrect address, or missing signature, and directing the recipient to click a link to resolve the issue. These links lead to convincing fake websites that closely mimic the real courier's design and branding, where victims are prompted to enter payment card details to pay a small redelivery fee, personal identifying information, or login credentials, all of which are then harvested by the scammers rather than used for any genuine delivery service.
National cybersecurity and postal fraud agencies across many countries have documented this as one of the most common phishing formats in circulation. The UK's National Cyber Security Centre and Royal Mail have both issued repeated public warnings after tracking large-scale smishing campaigns impersonating Royal Mail specifically, with reported cases numbering in the tens of thousands during peak campaign periods. The US Postal Inspection Service and the Federal Trade Commission maintain public advisories on the same pattern involving USPS impersonation, and Europol's cybercrime reporting has identified delivery-themed phishing as a persistent seasonal spike coinciding with major online shopping periods, when consumers are more likely to be expecting a genuine parcel and therefore less likely to scrutinize an unexpected delivery message closely.
The technique is effective because it exploits a plausible, mundane real-world scenario, most people have ordered something online and are accustomed to receiving legitimate automated delivery updates by text or email, making a fraudulent version blend easily into a person's normal digital routine. The requested payment amounts are typically small, a few dollars or euros for a supposed customs charge or redelivery fee, a deliberate design choice fraud researchers note reduces a recipient's hesitation compared to a request for a large sum, while the payment page itself is frequently used to capture full card details, including security codes, that can then be used for larger unauthorized transactions elsewhere.
Security agencies consistently advise against clicking links in unsolicited delivery notifications, and instead recommend checking a suspected delivery status directly through the courier's official app or by typing the courier's known web address manually rather than following a link. Indicators commonly cited in these advisories include sender phone numbers or email addresses that do not match the courier's known official contacts, generic greetings rather than a specific name or order reference, urgent time-limited language, and requests for payment card details for what should be a service typically included in shipping costs. Real customs charges, when they do legitimately apply to international parcels, are generally invoiced through the official postal or courier account system rather than through an unsolicited text message link, a distinction fraud prevention agencies highlight as a reliable way to separate genuine notices from phishing attempts.
Common claims
- Text messages claiming a package delivery failed and asking for a small fee are commonly phishing scams.Supported, this is one of the most widely documented phishing patterns tracked by national cybersecurity agencies.
- These scam sites are designed to look identical to real courier websites.Supported, fraud investigators confirm scammers closely replicate real branding to appear legitimate.
- Entering payment details on these fake sites only results in losing the small stated fee.Not supported, harvested card details are frequently used for larger unauthorized charges afterward.
- Checking delivery status through the courier's official app avoids this scam.Supported, security agencies recommend this as a safer verification method than clicking message links.

