Delivery Phishing Scams
Delivery phishing, fraudulent text messages or emails impersonating parcel carriers such as USPS, FedEx, and UPS to steal personal and financial information, is the most commonly reported text scam in the United States and is widespread globally. The FTC recorded $470 million in losses to text scams in 2024, with fake package delivery being the top reported category.
What we know
Delivery phishing (also called 'smishing' when conducted via SMS) exploits the ubiquity of online shopping. Recipients receive messages claiming a package could not be delivered, that a redelivery fee is required, or that an address needs to be confirmed. The messages include links to fraudulent websites that mimic official carrier sites and are designed to capture credit card details, bank account numbers, or Social Security numbers.
According to the FTC's 2024 Consumer Sentinel data, text scams caused $470 million in reported losses in 2024, five times the 2020 figure, and fake package delivery was the single most reported category of text scam. Because most scams are never reported, this figure represents a fraction of total harm. UK Finance reports that parcel and package delivery scams account for more than half of all identified smishing campaigns in the UK.
Legitimate carriers have explicit policies that they never request payment or personal information via unsolicited text or email for package delivery. Warning signs of delivery phishing include unexpected messages about packages not ordered, generic greetings ('Dear Customer'), a sense of urgency, embedded links (legitimate carriers do not include clickable tracking links in unsolicited texts), and requests for redelivery fees payable by credit or debit card.
Scammers blast these messages to millions of recipients indiscriminately; when recipients happen to be expecting a parcel, the message seems plausible. This probabilistic approach means a meaningful proportion of recipients are fooled even though the message was not targeted. The FBI's Internet Crime Complaint Center (IC3) encourages reporting to ic3.gov.
Common claims
- A text saying 'your package could not be delivered' must be from a real carrier since I was expecting a delivery.False. Scammers send these messages to thousands of random recipients; it is coincidental if you happen to be expecting a delivery.
- Delivery phishing texts are easy to recognize because they look fake.False. Modern delivery phishing texts use official logos, carrier-like language, and realistic-looking URLs that closely mimic legitimate sites.
- A small redelivery fee of under $1 means the risk is minimal.False. The fee is a pretext to capture payment card details, which scammers then use for much larger unauthorized charges.
Evidence hierarchy
All sources
- Top text scams of 2024Federal Trade Commission · 2025
- New FTC Data Show Top Text Message Scams of 2024Federal Trade Commission · 2025
- Fake parcel delivery texts are the top smishing scamUK Finance · 2021
- Protect Yourself from Fraud and ScamsUPS · 2024
- How to Recognize and Help Prevent Fraud and ScamsFedEx · 2024