Text messages claiming to be from FedEx, UPS, or the USPS are on the rise. Here’s how to recognize a fake delivery email or text and what to do to protect yourself.
CR spoke with cybersecurity experts about why you’re suddenly receiving more delivery scam texts and emails than you can count, what to do about them, and up-and-coming scams you need to keep on your radar.
By Lisa Fogarty
Whether it’s a holiday or any given Tuesday, finding packages at our front door isn’t so much a surprise as an expectation for some people. Unfortunately, scammers are using our consumer habits against us by sending out delivery emails and text scams claiming to be from FedEx, UPS, and the U.S. Postal Service (USPS). The messages look legit, but they could cost you money and compromise your data.
Perhaps you’ve already come across one of these bogus emails or texts. The subject line is often one of great urgency: The first delivery scam email I received claimed that it was from UPS and that they were trying to deliver a package to me but had the wrong address. If I didn’t act immediately, click on a link, and provide the correct information, my package would be returned. Even though I knew I hadn’t ordered anything recently, my family’s reliance on delivery services for goods meant I couldn’t be sure the message wasn’t legit.
Still, something didn’t sit right about the email. When I hovered over the return address, it was a nonsensical name with many numbers coming from a Gmail account. Also, when has UPS or any other service cared so profoundly that I receive a package that it would try and elicit a house-is-on-fire response from me? I Googled “UPS scams.” Sure enough, I discovered that post office and delivery service email and text scams are so common now that they even have a nickname when they are sent as texts: smishing (phishing in text message form).
What Are Scam Delivery Emails and Texts?
Fake delivery emails or texts often claim you missed a delivery attempt or that your order is ready to ship, but your shipping preferences must be updated. They will nearly always include a link to a realistic-looking website where you are asked to supply personal information such as your address and credit card details. Sometimes, clicking or tapping the link can install malware on your device that steals information such as your usernames and passwords, which scammers can use to access your online banking, email, and social media accounts.
According to cybersecurity expert Joseph Steinberg, these scams aren’t new and persist because they work. “They’re great scams from the perspective of the scammer,” Steinberg says. “There are two things going on in the scammer’s favor. If I send out enough emails, especially during holiday time, I am essentially guaranteed that somebody who’s getting it is going to have just spoken with UPS or FedEx or had some issue with it. So for them, it’s going to look real.”
Steinberg says the odds of the recipient clicking something are high if a scam email makes it through the spam filter. There’s also a certain sense of legitimacy that comes with this scam because people are used to experiencing issues with their packages. “If I get an email from my bank saying, ‘Hey, we want you to reset your password,’ people have been trained that that’s suspicious,” Steinberg says.
The urgent tone in these emails and texts is intentional and preys upon people’s tendency to panic. “They want to elicit an emotion so that you don’t think, you react,” cybersecurity expert Anthony Mongeluzo, president of PCS, tells CR.
Delicia Reynolds Hand, senior director of CR’s Digital Marketplace, says delivery scams are particularly effective because they tap into our normal routines and expectations. “When consumers receive a message about a package—especially one they might be waiting for—their instinct is to click or respond immediately,” Reynolds Hand says. “But that moment of urgency is exactly what scammers are counting on. Taking even a 30-second pause to verify the message through official channels like the carrier’s app can be the difference between security and compromised personal information.”
How to Spot Scam Delivery Emails and Texts
At first glance, a scam delivery email or text can look like the real thing. But spending a few minutes inspecting the message will sometimes call up clues that it’s a scam. “If you actually look at the sender of the email, a lot of times it comes from a junk domain, a garbage domain,” Mongeluzo says. “They’ll make it look like a real domain, but it might be one letter off. If you actually highlight the link they want you to click, the link could say www.google.com. But if you hover over it, it’s going to actually show you the real address.”
The older method of searching emails and texts for spelling mistakes to prove it’s a scam is outdated now that artificial intelligence (AI) is ubiquitous. Steinberg says the approach of trying to figure out whether a message is scammy or not is dangerous because people just don’t do a good job at that, and scammers keep getting better at fooling us.
He also says sometimes the mistakes are intentional to make them sound like real, relatable people (because people make spelling mistakes all the time).
Scammers are increasingly using AI to create more convincing delivery scam messages—complete with realistic branding, fewer spelling errors, and personalized details, according to Reynolds Hand. “This technological advancement means consumers need to be more vigilant than ever,” Reynolds Hand says. “Remember that legitimate delivery services will never ask for payment information, passwords, or personal details through text or email links.”
How to Protect Yourself From Scam Delivery Emails and Texts
Instead of wasting time playing detective and poring over scammy emails, Steinberg tells CR he recommends downloading the USPS, FedEx, and UPS apps and tracking your packages through the apps. “If you get a message from UPS saying your package is being returned to sender or something like that, go into the UPS app and see if it’s accurate or not,” Steinberg says.
Mongeluzo says that preventing these emails and texts from disrupting your day isn’t a realistic goal, even if you use services like email filters. If you set the filter too high, you can also lose good emails. You can report fake USPS emails and report unwanted calls and fraud to the Federal Trade Commission. Unfortunately, even if that particular email address you report is shut down, Mongeluzo says scammers can make a new email address every second.
The best defense is a good offense: Download the delivery apps for services that you use and ignore and delete scam messages.
How Often Do Delivery Email and Text Scams Work?
Steinberg says sending delivery scam texts and emails has little to no overhead cost (proxy services can be rented), and even if hackers get a fraction of a 1 percent success rate, it’s a big success. “I send out a million messages and a 10th of 1 percent would be a thousand victims,” Steinberg says. “A 100th of 1 percent would be a hundred victims. So there’s very little cost to doing it, the chances of getting caught are very low, and I don’t need a high success rate.”
Looking Ahead: What Scams Are Next?
The minute we become aware of the latest text and email scam, you can guarantee that new scams we don’t yet know about are already out there. “Believe it or not, the next big scams are actually going to be a little bit more physical,” Mongeluzo says. “One of the things I’ve been reporting on is juice jacking at the airports.” Mongeluzo says juice jacking takes place when you see a USB port and your phone needs power. You plug the USB into the USB port, unaware that a hacker has already exploited the outlet. It could unload a payload into your phone, hack your phone, and grab your data.
And airports aren’t the only danger zones—all public places with USB ports are a target, Mongeluzo says. “It will never be an issue if you use a regular power outlet with your USB into your phone or tablet,” Mongeluzo says. “The issue is when you just plug your device directly into a USB port.”
Mongeluzo says QR code scams are also popular. One involves sliding fake menus under hotel doors with fake QR codes. When the unsuspecting guest uses the code to order food, the scammer gets their credit card details—and the order never arrives.
Consumer Reports is an independent, nonprofit organization that works side by side with consumers to create a fairer, safer, and healthier world. CR does not endorse products or services, and does not accept advertising. Copyright © 2025, Consumer Reports, Inc.