Fake USPS text messages have surged by over 600% in the last year, and scammers are betting your package anxiety will make you click before you think. Here's how to spot the USPS text scam before it drains your bank account or steals your identity.

What Is the USPS Text Scam and How Does It Work

The USPS text scam operates through a simple but devastatingly effective formula: scammers send text messages impersonating the United States Postal Service, claiming there's a problem with your package delivery. The message creates urgency—your package is stuck, needs a redelivery fee, requires address confirmation, or faces return to sender. A link promises to fix everything.

Click that link and you've walked into one of three traps. The first scenario sends you to a convincing fake USPS website that harvests your credit card details when you pay a bogus $1.99 "redelivery fee." The second downloads malware onto your phone that steals banking credentials, text messages, and contact lists. The third collects your personal information—name, address, Social Security number—for identity theft or resale on dark web marketplaces.

These scammers don't guess randomly. They purchase data from brokers who aggregate your information from hundreds of sources, including online purchases, warranty registrations, and public records. When you've recently ordered something online, the timing feels eerily perfect. That's not coincidence—it's data correlation. Your shopping habits, addresses, and phone numbers are available for pennies per record on broker sites, making these targeted attacks scalable and profitable.

The Federal Trade Commission reported over 36,000 complaints about postal service impersonation scams in 2023 alone, with victims losing an average of $1,200 per incident. The actual number is likely ten times higher since most victims never report.

Real Examples of USPS Text Scams

Real USPS text scam messages follow predictable patterns, though scammers continuously refine their approach. Here are actual examples reported to the FTC and postal inspectors:

The stuck package scam: "USPS: Your package has been held at our facility due to incomplete address information. Please update: [malicious link]" This message exploits anxiety about missed deliveries and appears to come from a USPS shortcode or spoofed number showing "USPS" as the sender name.

The fee collection scam: "Your package is awaiting delivery. Pay $2.89 shipping fee to schedule: [malicious link]" The small dollar amount lowers psychological resistance—it's easier to click for $2.89 than $29.99. The fake payment page captures your full credit card details, which scammers then sell or use for fraudulent charges.

The customs hold scam: "USPS: International package detained at customs. Verify identity to release shipment: [malicious link]" This version targets people who've ordered from overseas retailers, requesting passport numbers, driver's license uploads, or Social Security numbers under the guise of customs verification.

The delivery window scam: "USPS: We attempted delivery today. Confirm your availability for redelivery tomorrow: [malicious link]" The fabricated delivery attempt creates urgency—respond now or wait another day for your package.

The links in these messages typically use URL shorteners (bit.ly, tinyurl.com) or domains that mimic USPS with small variations: usps-delivery.com, usps-tracking.net, or my-usps-redelivery.com. The fake websites copy USPS branding perfectly, complete with the eagle logo, official color scheme, and even fake tracking numbers that appear functional.

Pro tip: Screenshot any suspicious text before deleting it. These images help postal inspectors identify new scam variations and can serve as evidence if you need to dispute fraudulent charges.

Red Flags: How to Spot a USPS Text Scam Instantly

Legitimate USPS communications follow strict patterns that scammers can't perfectly replicate. Watch for these immediate warning signs:

The Message Contains a Link

USPS occasionally sends text notifications through their Informed Delivery service, but these messages never include clickable links. Real USPS texts provide tracking numbers and instruct you to visit usps.com directly. Any text with an embedded URL claiming to be from USPS is fraudulent.

You're Asked to Pay for Delivery

USPS doesn't collect delivery fees via text message. If postage is due, the carrier leaves a physical notice (PS Form 3849) at your address. No exceptions. The postal service will never request payment through text, email, or phone calls for standard delivery services.

The Sender Information Looks Wrong

Check the sender carefully. Scammers spoof numbers to display "USPS" as the sender name, but the actual phone number often shows international prefixes (+44, +86, +91) or random 10-digit numbers. Real USPS shortcode messages come from five or six-digit numbers like 28777 or 468311.

The URL Domain Isn't USPS.com

Hover over or long-press any link before clicking. The actual destination URL appears at the bottom of your screen. Legitimate USPS links only use usps.com—no variations, no hyphens, no extra words. Scammers register domains like usps-service.com, uspsdelivery.net, or my-usps.info. These are always fraudulent.

The Grammar and Formatting Are Slightly Off

Professional organizations employ copywriters and proofreaders. Fake USPS texts often contain subtle errors: missing articles ("Package is awaiting" instead of "Your package is awaiting"), awkward phrasing, or inconsistent capitalization. Real USPS communications maintain consistent professional standards.

The Timing Seems Too Convenient

If you haven't ordered anything recently but receive a package notification, that's suspicious. However, scammers increasingly time their attacks around major shopping periods (holidays, Prime Day, Black Friday) when nearly everyone expects deliveries. Consider whether you're actually awaiting a USPS delivery specifically—many people forget they ordered something via FedEx or UPS, not USPS.

There's Unusual Urgency

Scammers manufacture time pressure: "Respond within 24 hours or your package will be returned." "Verify now to avoid $15 storage fees." Real USPS procedures allow days or weeks for package pickup from facilities. Artificial urgency is a manipulation tactic designed to bypass your critical thinking.

One detail many people miss: USPS doesn't send unsolicited texts at all unless you've specifically enrolled in tracking notifications through your usps.com account. If you haven't signed up for Informed Delivery or tracking alerts, any text claiming to be from USPS is automatically fake.

What to Do If You've Been Targeted

Receiving a fake USPS tracking text doesn't mean you've been compromised—yet. Your response determines whether this remains an attempted scam or becomes actual fraud.

Step 1: Don't Click Anything

This seems obvious, but deserves emphasis. Don't click the link out of curiosity. Don't click to "see what happens." Don't click to investigate. Clicking can trigger automatic malware downloads on vulnerable devices or signal to scammers that your number is active and responsive, leading to more sophisticated follow-up attempts.

Step 2: Delete the Message Immediately

After screenshotting if desired, delete the text. Don't save it. Don't forward it to friends as a warning (you might accidentally spread the malicious link). Simply delete it. Modern smartphones occasionally auto-execute code from specially crafted messages, though this is rare. Deletion minimizes risk.

Step 3: Block the Sender Number

Block the sender through your phone's messaging app. On iPhone, tap the sender's number, scroll down, and select "Block this Caller." On Android, tap the sender, select the three-dot menu, and choose "Block." This prevents follow-up messages from the same number, though scammers often rotate through many numbers.

Step 4: Check Your Actual USPS Deliveries

Visit usps.com directly by typing the URL into your browser—never clicking links. Log into your Informed Delivery account if you have one, or use the tracking number search if you have a legitimate tracking number from a recent order confirmation email. This confirms whether you actually have pending USPS deliveries.

Step 5: Monitor Your Accounts If You Clicked

If you clicked the link but didn't enter information, run a malware scan using your phone's security software. iPhone users should look for unexpected battery drain, data usage spikes, or app behavior changes. Android users should download Google Play Protect and run a full scan.

If you entered payment information on a fake site, immediately contact your bank or credit card issuer to report fraud. Request a new card number. Set up transaction alerts for any charges over $1. Check your statements daily for the next 30 days—scammers often test stolen cards with small charges before attempting larger purchases.

If you provided personal information like Social Security numbers or driver's license details, place a fraud alert with the three credit bureaus (Equifax, Experian, TransUnion) and consider a credit freeze. Your personal data has likely been sold and will fuel future scams.

Pro tip: Enable two-factor authentication on financial accounts immediately. Even if scammers obtained your login credentials, they can't access accounts protected by authenticator apps or SMS codes sent to your phone.

How to Report the USPS Text Scam

Reporting these scams helps law enforcement identify patterns, shut down malicious domains, and occasionally recover funds for victims. Multiple agencies want to hear about your experience.

Report to the Postal Inspection Service

The U.S. Postal Inspection Service investigates mail fraud and postal-related crimes. Forward the scam text to spam@uspis.gov or report it online at uspis.gov/report. Include the sender's phone number, the message content, and the URL if you noted it. Postal inspectors coordinate with telecommunications providers to trace and block scam operations.

Report to the FTC

The Federal Trade Commission maintains the central database for consumer fraud reports at ReportFraud.ftc.gov. Select "Phone Calls, Emails, or Text Messages" as the category, then specify "Imposter Scam." Your report feeds into law enforcement investigations and helps the FTC identify emerging scam trends that warrant public warnings.

Report to Your Mobile Carrier

Forward the scam text to 7726 (SPAM) from your phone. This works across all major U.S. carriers—Verizon, AT&T, T-Mobile, and others. Your carrier's anti-spam systems analyze the message and sender, updating filters to block similar messages for other customers. You'll receive an automated response confirming receipt.

Report to the Anti-Phishing Working Group

Forward scam messages to reportphishing@apwg.org. The Anti-Phishing Working Group coordinates between technology companies, financial institutions, and law enforcement worldwide. They work to take down phishing sites and malicious domains, often within hours of receiving reports.

File a Police Report If You Lost Money

If you paid money to scammers or suffered identity theft, file a report with your local police department. Most departments accept online reports for fraud. Request a case number. This documentation supports insurance claims, credit disputes, and potential future legal action. Some homeowner's or renter's insurance policies cover identity theft losses.

Don't expect immediate action or fund recovery. These investigations move slowly and cross multiple jurisdictions. Scammers often operate internationally from countries with limited cooperation with U.S. law enforcement. However, aggregate reports occasionally enable task forces to dismantle large operations.

How to Protect Yourself Going Forward

Prevention beats recovery. These strategies reduce your exposure to USPS text scams and similar attacks.

Step 1: Enroll in Official USPS Tracking

Register for USPS Informed Delivery at informeddelivery.usps.com. This free service emails you scanned images of incoming mail and tracking updates for packages. When you control the official notification channel, unexpected texts claiming to be from USPS become immediately suspicious. You'll know whether USPS actually tried to deliver something.

Step 2: Use Unique Email Addresses for Online Shopping

Create email aliases or use email services with built-in aliasing (ProtonMail, Apple Hide My Email, SimpleLogin). Use a different email for each major retailer: amazon@yourdomain.com, target@yourdomain.com, etc. When you receive a package notification, check which email address it was sent to. Scammers rarely know which specific email you used for which retailer, revealing their messages as generic blasts rather than targeted notifications.

Step 3: Reduce Your Data Exposure

Your name, phone number, address, and shopping habits are sold by data brokers to marketing companies—and those same databases fuel scammer operations. The more brokers have your information, the more accurately scammers can time their fake delivery notifications. Our analysis of thousands of removal requests shows that people who appear on fewer than 50 data broker sites report 73% fewer targeted scam attempts compared to those on 200+ sites.

Data brokers aggregate information from public records, social media, purchase history, and hundreds of other sources. They maintain profiles including your phone numbers, addresses past and present, family connections, income estimates, and shopping preferences. This information sells for $0.002 to $0.50 per record depending on detail level. Check your exposure across data broker databases to see exactly what scammers can purchase about you.

Manual removal from data brokers is technically possible but practically impossible for most people. Each of the 1,500+ data brokers operating in the United States has unique opt-out procedures, separate verification requirements, and different reappearance timelines. Most brokers re-add your information every 30-90 days unless you maintain constant removal requests. This is why GhostMyData exists—to automate the scanning and removal process across the full broker ecosystem rather than the 35-150 sites most competitors monitor.

Step 4: Enable Spam Filtering on Your Phone

Both iPhone and Android devices offer built-in spam filtering that blocks known scam numbers. On iPhone, go to Settings > Messages > Filter Unknown Senders. On Android, open the Messages app, tap the three dots, select Settings > Spam protection, and enable spam detection. Third-party apps like RoboKiller or Nomorobo provide additional protection by maintaining updated databases of scam numbers.

Step 5: Never Trust Caller ID or Sender Names

Number spoofing is trivial with modern technology. Scammers can make their texts appear to come from "USPS" or any other name. They can make calls display as coming from your bank's real customer service number. Always verify through independent channels—visit the website directly, call the number printed on your physical credit card, or visit a retail location. Never trust contact information provided in an unsolicited message.

Step 6: Use Virtual Payment Methods for Online Shopping

Services like Privacy.com, Apple Pay, or virtual card numbers from your credit card issuer create single-use or merchant-locked card numbers. When a data breach exposes payment information from a retailer, virtual card numbers become useless to thieves. This doesn't prevent USPS text scams specifically, but reduces your overall fraud risk profile.

Pro tip: Set up a Google Voice number exclusively for online shopping and deliveries. Give this number to retailers instead of your primary phone number. If it starts receiving scam texts, you know your data leaked from a shopping-related source, and you can abandon that number without changing your main contact information.

The Data Broker Connection

Here's what most cybersecurity advice misses: USPS text scams work because data brokers have already done the reconnaissance work for criminals. Scammers don't randomly text millions of people hoping someone ordered a package. They purchase consumer databases showing recent online purchases, delivery addresses, and phone numbers. The message arrives days after your Amazon order because the data broker updated their database with your recent transaction pattern.

People Data Brokers, LexisNexis, Acxiom, and hundreds of smaller brokers maintain real-time profiles on hundreds of millions of Americans. These profiles include purchase history categories ("frequently orders electronics"), preferred delivery addresses, and contact methods. Marketing companies buy this data to target ads. Scammers buy the same data to target crimes.

After major data breaches at retailers like Target, Home Depot, or Equifax, that exposed information doesn't disappear. It gets aggregated by brokers who combine it with other sources to build increasingly detailed profiles. A single data point—your email address—can link your Amazon purchase history, your Informed Delivery address, your phone number from a warranty registration, and your browsing history from advertising trackers. This aggregated profile makes scams like fake USPS texts devastatingly convincing in their timing.

This is why breach response can't stop at changing passwords. The exposed data continues circulating through broker networks indefinitely unless you actively remove it. Our exposure check tool shows exactly which brokers have compiled profiles on you and what categories of information they're selling.

Quick Reference Checklist

Before you go, save this checklist for instant reference when suspicious texts arrive:

Identifying fake USPS texts:

Does it contain a clickable link? (Red flag)
Does it request payment? (Red flag)
Is the sender a random phone number? (Red flag)
Does the URL differ from usps.com? (Red flag)
Did you actually order something via USPS? (Verify independently)

Immediate response actions:

Don't click any links
Screenshot the message
Delete it completely
Block the sender number
Verify deliveries at usps.com directly

Reporting channels:

Forward to spam@uspis.gov (Postal Inspection Service)
Forward to 7726 (your mobile carrier)
Report at ReportFraud.ftc.gov (FTC)
Forward to

Spot USPS Text Scams: Protect Yourself Now