What You Should Know About Shipping Scams

Ever get an unexpected email or text message about a problematic package delivery with a link to click for more information? More often than not, a message like this is a shipping scam. And, since shipping scams are on the rise, it’s important to know how they work.

How do shipping scams work?

Online shopping is a big business. So it’s not a stretch to think that at any given time, you might be expecting a package—and are excited about it. Scammers love to exploit situations like these, so they’ll send you a message designed to get you to click on a link. These scam messages can be very effective, especially if you think there’s a problem with your shipment. But, clicking the link could cause you all kinds of problems, like exposing your personal information or infecting your device with malware.

Most often, scammers impersonate a well-known delivery company like FedEx, UPS or USPS in an email or text that appears to be a shipping notification. Here are some common types:

• Fake Delivery Alerts. This message may claim your package was undeliverable and provides a link for you to reschedule. It may refer to it as a “missed delivery attempt” to get you to click.
• Incomplete or Incorrect Delivery Information. This type of message may claim there’s a problem with the shipping address or an issue with customs fees. Then it suggests you click on the link to update your information.
• Package Held for Payment. This message will claim there’s an unpaid fee and your package won’t be delivered until it’s paid. It provides a link for "payment processing."

In all these cases, the scammer creates a feeling of urgency—hoping you’ll be more likely to follow their directions. What’s worse, by clicking, you could be taken to a legitimate-looking, but very fake, website. These fake websites are set up to steal banking or credit card account information or sign in credentials, or to install malware on your device. 

What are some red flags to look for?

FedEx, UPS and USPS won’t send you messages about packages unless you’ve signed up for specific notifications. In general, it’s a good practice to avoid clicking on links in unexpected emails or text messages. Instead, check your order’s status by visiting the retailer’s or delivery service’s website directly and using the tracking number you received when you placed your order. And, if the message suggests you call a phone number, don’t use that number. Instead, go to the delivery service’s official website to get their phone number.

Here are some things you may see in a scam email or text message.

• Pressure. If a message creates a sense of urgency with a “click this link to solve this problem right now” theme, be suspicious. Legitimate delivery companies will provide clear instructions and timelines without pressuring you to act.
• Poor Grammar and Spelling. Experts have warned that some scammers have begun to use AI  to create their messages, so they sound more like native speakers. But, that’s not the case for all of them. Some messages may still contain typos, grammatical errors or awkward phrasing.
• Suspicious Links. If the message contains a shortened or concealed link like "bit.ly/12345," don’t click! And, look for misspelled or slightly altered websites, like "fedx.com" or "fed-ex.com." Legitimate companies will use clear and recognizable URLs for their tracking information.
• Unrealistic or Vague Information. The message might contain nonsensical details about the package, like “unexpected sender,” “unfamiliar address” or an unrealistic delivery timeframe. It may omit details and instead say something like, “Your package couldn’t be delivered.”

What should you do if you receive a suspicious shipping notification?

Your first line of defense is always to have a healthy dose of skepticism. But, there are steps you can take to keep yourself safer.

• Don’t Click the Link and Don’t Reply. When it comes to links in emails and text messages, just stay away. In some cases, even replying could allow the scammer to hack your device.
• Check Your Order History. If you’re unsure if the message is legitimate because you recently placed an order, sign in to your account on the merchant’s site and check your order history. Even if you ordered as a guest, you most likely received an order confirmation email. Either one will help you know if a package is on its way and provide details so you can track it.
• Block the Sender. If the email or text is a scam, blocking the email sender or phone contact prevents the scammer from contacting you again from that email address or phone number. Of course, scammers frequently change email addresses and phone numbers, so this may not be 100% effective.
• Level Up Your Account Security. It’s always a good idea to make sure that the accounts you use to order, pay for and ship things are secure. If the merchant or service offers additional security like 2-step verification, sign up! Navy Federal offers our members enhanced security features to help protect their money and data.
• Be on Guard for Similar Tactics. Scammers may also use other ways to reach out about shipping issues, like phone calls. The same principles apply. If you get a suspicious shipping message, don’t respond, and verify the information independently to be sure you’re not being tricked.

What if you clicked a shipping scam link?

It’s easy to act on impulse and click a link—especially if you’re anxious about a package you’re expecting. If you fell for the bait, here’s what you can do:

1. Contact Your Financial Institution Right Away. Explain that you may have compromised your information by clicking on a suspicious link. Navy Federal members can call our 24/7 support line at 1-888-842-6328 to report the incident and freeze your cards.
2. Change Your Passwords. Did you accidentally enter account information or sign in credentials to a fraudulent website? Change your passwords immediately. Create a strong, unique password for each account that stores personal and payment information, and consider using a password manager to help you keep track.
3. Monitor Your Accounts. Closely monitor your bank statements and credit card activity for any unauthorized transactions. Report any fraudulent purchases immediately and freeze the credit or debit card associated with that account. You can also purchase an ID theft protection plan to help monitor activity on all your accounts.
4. Report the Scam. File a report with the FBI’s Internet Crime Complaint Center (IC3). This helps law enforcement track these scams and potentially recover stolen funds. For text messages, most mobile carriers allow you to report spam messages. Some use a message app, or you can copy and forward it to 7726 or use your carrier’s spam reporting number.