Smishing Active · 2024–2026 Text message scams

Got a text about a package you don't recognize? Read this first.

ScamChecker.online · Last verified May 2026 · Most-reported text scam · 5 min read

In a nutshell

A text says there's a problem with a delivery: a failed attempt, a held package, an address to confirm, or a small fee to pay.
It's a smishing scam. USPS, UPS, FedEx, and DHL don't text you a link to fix a delivery or collect a fee.
The link opens a fake copy of the carrier's site that captures your address, card details, and sometimes more.
Don't click. If you already entered card or personal info, follow the steps below right away.

Our verdict

This is a smishing scam, and it's the single most-reported text scam in the country.1 The "delivery problem" is bait. The page behind the link is built to steal your card and personal details, sometimes under cover of a small "redelivery fee."

Does this sound familiar?

A text turned up saying your package couldn't be delivered, that your address needs confirming, or that a small fee is due to release it. It names a carrier you actually use, and there's a link to "fix it." You probably are waiting on something, so it lands. That's the whole trick: almost everyone has a package in transit at any given time.

Below are reconstructed examples of the messages people receive, recreated to show how they typically look on your phone. The carrier names are real services that scammers impersonate. Those carriers do not send these texts. (Illustrations, not real screenshots. Links and numbers are fictional.)

Unknown

+1 (555) 555-0173

Text Message · Today 9:26 AM

USPS: your package is on hold due to an incomplete address. Confirm your details within 24 hours or it will be returned: usps-redelivery.top/track Reply Y to reactivate the link.

"Reply Y" is there to confirm your number is live. Real USPS doesn't text unsolicited links, and doesn't need you to reply Y.

Unknown

+63 917 ••• ••••

Text Message · Today 2:48 PM

FedEx: your parcel is held at customs. A clearance fee of $2.99 is required to release it. Pay here: fedex-clearance.vip

A tiny "fee" makes paying feel trivial. The point isn't the $2.99, it's your card number on the next screen.

Unknown

+1 (555) 555-0190

Text Message · Today 7:12 PM

UPS Notice: delivery attempt failed (ref #UPS4471). Reschedule and pay the $1.95 redelivery fee: bit.ly/ups-resched

A shortened link hides the real destination. Carriers don't charge redelivery fees by text.

The carrier and the wording change, but the structure stays the same: a delivery problem, a deadline, and a link to a page that asks for your address and card.

How it works

This scam is fast and runs at volume. Texts go out to millions of numbers at once, timed around busy shopping periods when most people genuinely have something on the way. (The screens below are illustrations of how these pages typically appear.)

The text lands

You get an unexpected text naming a carrier: a failed delivery, a held parcel, an address to confirm, or a small fee, always with a deadline and a link. It doesn't matter that the sender doesn't know what you ordered. Odds are you ordered something.

‹

Unknown sender

+1 (555) 555-0173

USPS: package on hold, incomplete address. Confirm within 24h: usps-redelivery.top

9:26 AM

Arrives via

SMS iMessage RCS

A convincing fake page

The link opens a near-perfect copy of the carrier's tracking or payment page, with the right logo and colors. The web address is the giveaway: an odd ending like .top or .vip, extra hyphens, a misspelled carrier name, or a shortener hiding the real site.

⚠ Not secureusps-redelivery.top

FAKE

UUSPS

Reschedule Your Delivery

Redelivery fee

$1.95

Package returns to sender if unpaid in 24h

Confirm & Pay →

The page is fake even when it looks perfect. Check the web address, not the logo.

You hand over address and card

To "release the package" or pay the tiny fee, the page asks for your name, address, phone, and card details. Everything goes straight to the scammer. The FTC notes some of these pages also fish for a Social Security number.

🔒 Delivery & Payment Details

Delivery address

Name, address, phone

Card number

•••• •••• •••• ••••

Expiry

MM / YY

CVC

•••

Everything entered here is captured. The "fee" is just cover for stealing your card and identity.1

The real damage

Your card may see a small test charge and then larger ones. Your details get sold or reused for further fraud and identity theft. And because you responded once, your number gets flagged as a live target, so more scam texts follow.

Charges you didn't make…

↓

"Redelivery fee"−$1.95

↓

Test charge−$1.00

↓

Online retailer−$312.00

↓

Unknown merchant−$540.00

Your details, resold

Name, address, phone, and card data are packaged and sold on, fuelling identity theft long after the first charge.

More texts arrive

"Toll Services: unpaid balance of $12.51, pay now…"

"DMV Final Notice: outstanding violation, act now…"

One response marks you as a live target. The same operations run toll and DMV texts too.

Remember

Carriers don't text you a link to fix a delivery or pay a fee.

A small "redelivery" or "customs" fee is the bait, not the goal.

Never click the link or reply Y. Don't enter card or address.

Check tracking yourself in the carrier's real app or site.

Red flags to catch it early

None of these alone is proof. Several together means stop.

An unexpected delivery text with a link

Carriers don't send unsolicited tracking or payment links by text. Real USPS texts come only if you signed up, and only from their short code.2

A small fee to "release" the package

A redelivery fee, customs charge, or postage top-up. Carriers don't collect these by text link.3

"Pay the $1.95 redelivery fee to reschedule."

It asks you to reply Y or tap to "reactivate"

Replying confirms your number is active and worth targeting again. Real carriers don't work this way.

A link that isn't the carrier's real site

Odd endings like .top, .vip, or .xin, extra hyphens, a misspelled name like "Fedx," or a shortener like bit.ly hiding the destination.

A tracking number you can't place

If you never signed up for tracking on a specific package, a text citing one is fake. Real USPS tracking numbers are very long.

Urgency, a deadline, or odd phrasing

"Act within 24 hours or it's returned." Pressure plus small grammar slips are common tells. Some texts even spoof a real short code to land in a genuine carrier thread.4

Actually waiting on a package?

Most of us are, which is why this works. Here's how to check without touching the text:

Don't tap the link or reply. Treat the whole message as fake.
Open the carrier's real app or website yourself, by typing it in or using the app you already have, and track the order there.
Check the order confirmation from the retailer for the real tracking number and carrier.
In the US, USPS Informed Delivery emails you previews of incoming mail, so fake "delivery" texts lose their power.

Already clicked or entered your details?

If you've already interacted with one

How bad it is depends on how far you got

Work through whichever applies. Sooner is better, especially with card details.

You only received it, or clicked but entered nothing Low risk. Don't reply, don't tap the link again. Delete it and report it (see below). On a phone, avoid downloading anything the page tries to push.

You entered your card details Contact your bank or card issuer now. Report the card as compromised, ask them to block it and watch for fraud, and request a replacement. Dispute any charge you didn't make, including small "test" charges.

You shared personal information If you gave a name, address, date of birth, or a Social Security number, treat it as exposed. Consider a credit freeze and identity-theft monitoring. In the US, IdentityTheft.gov builds a step-by-step recovery plan.

You reused that password anywhere If the fake page asked you to "log in" and you used a password you use elsewhere, change it on every site that shares it, and turn on two-factor authentication where you can.

Report it and delete it Forward the text to 7726 (spells SPAM) to flag the number with your carrier. For US postal versions, you can also email a screenshot to spam@uspis.gov. Then report it to the authority for your country below, and delete the message.

Ignore anyone who later offers to "get your money back" If you lost money, expect a follow-up from someone promising to recover it for a fee. That's a money recovery scam, a second fraud aimed at people who've already been hit. No legitimate service charges an upfront fee to recover funds.

Where to report it

Start here

FTC - ReportFraud.ftc.gov

Federal Trade Commission. Covers smishing, package delivery scams, and identity theft. Your report feeds investigator databases.

reportfraud.ftc.gov

For USPS-branded texts

U.S. Postal Inspection Service

Report USPS smishing, or email a screenshot with details to spam@uspis.gov. The Postal Inspection Service investigates mail and delivery fraud.

uspis.gov/report

If you shared personal information

IdentityTheft.gov

FTC tool that builds a personal recovery plan if your ID or financial details were exposed.

identitytheft.gov

Forward the text to 7726 (SPAM) to report the number to your carrier. If significant money was lost, also file with the FBI at ic3.gov.

Start here

Action Fraud

UK national fraud and cybercrime reporting. Reports go to the National Fraud Intelligence Bureau. Online or phone: 0300 123 2040.

actionfraud.police.uk

Report the text itself

Forward to 7726

Forward suspicious texts to 7726 free of charge to report them to your mobile provider. UK versions commonly impersonate Royal Mail, Evri, DPD, and DHL.

ncsc.gov.uk

If you entered card details, contact your bank straight away. UK banks have strong reimbursement rules for authorised push payment fraud under the 2024 rules.

Start here

Scamwatch (ACCC)

Australian Competition and Consumer Commission. Australian versions often impersonate Australia Post and courier services.

scamwatch.gov.au/report-a-scam

If devices or data were compromised

Australian Cyber Security Centre

cyber.gov.au/report-and-recover/report

If identity information was shared

IDCARE

Australia and New Zealand's national identity and cyber support service. Free specialist help for identity theft.

idcare.org

Canada

Canadian Anti-Fraud Centre

Canada Post and courier impersonation texts are common here too. Forward texts to 7726 as well.

antifraudcentre-centreantifraude.ca

European Union

Europol Cybercrime Reporting

europol.europa.eu

Not sure where to report? Search "[your country] report scam text" or "[your country] report fraud," and contact your bank directly if you entered any card details.

How big is this problem?

Fake delivery texts are now the most common text scam reported in the United States, and text scams overall are far more costly than they were a few years ago.

Fake package delivery was the most-reported text scam of 20241

$470M

Reported lost to text-based scams in 2024, across all types1

5×

Higher text-scam losses than in 2020, when the figure was about $86M1

~$2

Typical "redelivery fee" shown, kept tiny so paying feels trivial1

In its breakdown of 2024 text scams, the FTC put fake package delivery at the top, usually impersonating the U.S. Postal Service, with victims told there was a delivery problem and tricked into paying a small "redelivery fee" that was really a way to steal their card or Social Security number.1 The Postal Inspection Service is blunt about it: USPS does not send unsolicited texts with tracking links, and if you signed up for real tracking, those messages come only from an official short code.2

The texts go out at enormous scale, often from international numbers, using ready-made phishing kits. The FBI and USPS warned in 2024 that some campaigns were sophisticated enough to spoof legitimate short codes, so a fake could appear in the same thread as real carrier messages on some phones.4 The same infrastructure churns out fake toll, DMV, and unpaid-bill texts, swapping the disguise while keeping the mechanics.

The small fee is deliberate. A dollar or two feels too trivial to question, which is exactly the reaction the scam needs. But the fee is rarely the real prize. The card number, address, and personal details you enter are worth far more, resold or reused for fraud and identity theft long after the first charge clears.

Sources

Federal Trade Commission, "New FTC Data Show Top Text Message Scams of 2024" and the accompanying data spotlight (PDF), April 2025. Fake package delivery as the #1 text scam, the $470M total, the 5x rise since 2020, and the redelivery-fee tactic.
U.S. Postal Inspection Service, "Smishing: Package Tracking Text Scams." USPS does not send unsolicited tracking-link texts; how to report; forward to 7726 and email spam@uspis.gov.
Federal Communications Commission, "How to Avoid Package Delivery Scams." Official guidance on delivery smishing and what to do.
FBI / U.S. Postal Inspection Service 2024 warnings on USPS-branded smishing, as documented by security researchers. Surge in USPS smishing and short-code spoofing. Cited as a documented pattern rather than a single official total.

Researched and maintained by ScamChecker.online

We document recurring online scam patterns using primary sources: government agencies, law enforcement, and security researchers. The carriers named here are legitimate companies being impersonated, not the source of these texts. Ads on this page do not influence our reporting. Read about how we research or who we are.

Last verified: May 2026 · Reviewed against current FTC, USPIS, and FCC guidance