- Fake text message alerts claim to be from legitimate courier service
- URL requests personal or financial information to arrange redelivery
- If in doubt, go to the official website and enter your tracking number
A new survey has revealed the fastest-growing type of scam and it’s probably one you’ve already received this month: a fake parcel delivery alert sent by text message.
According to research published by NatWest, a UK bank, fake delivery alerts are the fastest-growing con of 2024. The study combines industry data with feedback from a survey of 2,000 British adults.
These messages, delivered to your mobile phone by SMS, claim to be from a courier service. They state that a package delivery has been attempted and needs to be rescheduled. They then prompt the recipient to click a link.
This malicious URL leads to a phishing website designed to look legitimate. It will ask for personal details and usually request a fee payment to arrange the fictitious redelivery. If users submit their information here, including login credentials or credit card details, cybercriminals will be able to use them for fraudulent purposes, including purchases.
Companies commonly impersonated in examples we’ve seen include FedEx, DHL and UPS. Because it’s common to receive real redelivery alerts by SMS, it’s easy to be fooled by an apparently convincing message. It’s also easier to fake an SMS alert, because it contains fewer words and doesn’t include a logo.
The scheme uses tactics common to most phishing scams. The message creates a sense urgency, as most people will want to respond to a missed package and arrange its redelivery as soon as possible. They might also receive and read the SMS when they are away from home and distracted, meaning they don’t pay enough attention to whether it is legitimate.
The scam is particularly effective at this time of year, because many people will be expecting genuine deliveries ahead of the festive season. The scam also relies on emotional manipulation: a lot of these packages will contain presents for love ones, so people will be particularly keen to ensure that they are safely delivered.
As a result, recipients of the SMS may act quickly to resolve the apparent issue. This could cause them to overlook inconsistencies in the message, such as the lack of tracking number.
How to stay safe
As with any SMS message or email you receive which claims to be from a real company, the most important step is to stop and think before clicking on a link. Be alert to tell-tale signs of a phishing scam, particularly any urgent requests for personal or financial information.
Stuart Skinner, a Fraud Expert from NatWest, advises people: “Think about it: would a real delivery company ask you to follow a link and make a payment?”
This statement from FedEx reflects the position of most courier services: “FedEx does not request, via unsolicited mail, email, or text, any personal information pertaining to your account credentials or identity.”
Once you’ve paused for thought, consider the details in the message and ask yourself a few questions. Are you expecting a delivery? If so, which company is handling that delivery? You should have received a confirmation when you placed your order, which should tell you the courier service and tracking number. If those don’t match up, then you’ve received a fake message.
You should also look out for grammatical errors in the message, as well as misspelled website addresses or variations of real URLs. If you’re uncertain about a link, don’t click it. Instead, head directly to the courier service’s official website and input your tracking number. This ensures you’re seeing genuine information about your package, including whether any action is required.
Most couriers offer advice about how to avoid fake delivery scams. For example, DHL states: “If you don't recognize the sender and don't expect the email or text message, there's a chance you're phishing.”
The United States Postal Inspection Service echoes this advice: “If you suspect the text message you have received is suspicious but are expecting a parcel, please do not click on any links. Rather, report it and visit USPS.com from your mobile device or computer for tracking and additional resources..”
UPS has a similar recommendation: “If you are unsure of the validity of a text, do not click or select any links or open any attachments as they may contain a virus.”
English (US) ·