If You Get a USPS Scam Text, You Need to Do This ASAP

Online shoppers are out in full force this holiday season. According to Adobe Analytics, consumers spent $13.3 billion on Cyber Monday in 2024—a 7.3% increase over past year—making it the highest single e-commerce shopping day in history. Unfortunately, as online shopping trends upward, so do opportunities for scammers.

As is the norm during the holiday season, there are likely to be delays with the U.S. Postal Service (USPS) and other carriers, such as FedEx and UPS. Experts predict that package-related scam text messages will be at an all-time high as shoppers wait for their purchases to arrive.

Scam text messages are also known as smishing, a word that combines SMS (this stands for short message service, but most of us just say texting) with phishing, a cyber attack that intends to steal your personal information or install malware on your device. A popular—and successful!—smishing scam pretends to be from the Postal Service.

“This USPS scam is known as an impersonation scam,” explains Brian Cute, chief operating officer and capacity and resilience program director at Global Cyber Alliance, a nonprofit organization that helps people and organizations stay safe and secure online. “Scammers send smishing texts to mobile phones that impersonate businesses or government agencies with messages usually creating a sense of urgency for consumers,” Cute says. “Their aim is to trick people into clicking on malicious links in the text or otherwise induce them to share personal data that scammers then use to steal the victims’ money.”

According to Federal Trade Commission (FTC) data for 2023, U.S. consumers reported more than 330,000 business impersonation scams and nearly 160,000 government impersonation scams. Losses due to impersonation scams topped $1.1 billion for the year, which has tripled since 2020. With holiday spending at an all-time high, bad actors will be seeking opportunities, and shoppers need to stay savvy and alert. We understand the temptation to click on a text from the U.S. Postal Service, but we can’t stress enough: Don’t do it! We talked to cybercrime experts to explain how to identify Postal Service smishing, the dangers of clicking on these scam texts and what you should do if you receive one.

Get Reader’s Digest’s Read Up newsletter for more tech, travel, humor, cleaning and fun facts all week long.

How can you identify a U.S. Postal Service scam text?

Reader's Digest

It can be hard to identify a Postal Service scam text, and if you’re panicking about a potentially lost package, you’re vulnerable to falling for one. Cute urges consumers to read all of their texts with a critical eye and resist the impulse to act quickly in response to the message.

Seth Geftic, the vice president of product marketing at cybersecurity platform Huntress, explains that Postal Service scam texts are designed to get people to act without thinking by using urgent or intimidating language. “A text might say your package won’t be delivered unless you pay extra or enter your personal information,” Geftic says. “The real USPS will never communicate like this.”

Tony Sabaj, who has over two decades of cybersecurity experience and serves as the head of channel engineering at Check Point Software, suggests looking for the following to identify a U.S. Postal Service scam text.

• Generic language: Scammers may use phrases like “your package is on hold” without specific details.
• Urgency: Scammers often pressure you to act quickly to claim or reroute a delivery.
• Suspicious links: URLs in scam texts are often shortened or have strange domains (e.g., “usps-update[.]xyz”).
• Requests for personal information: The Postal Service will never ask for sensitive details like your Social Security number, credit card or account credentials via text.

Will the Postal Service ever text you?

If you signed up for the U.S. Postal Service’s Informed Delivery, you’ll receive texts. But it’s critical to remember that you’ll receive texts from the Postal Service only if you signed up for them. Raj Dasgupta, an anti-fraud expert and the senior director of global advisory at fraud-detection company BioCatch, explains that legitimate Postal Service texts come from a short five-digit number: 28777.

“Scam texts are usually from a long number, many times belonging to a foreign country where the number begins with the country code, e.g., +62,” Dasgupta says. In addition, scam texts often include incorrect grammar, threats or unusual requests, and there’s always a link to tap into. Dasgupta adds that the link won’t have “USPS” in it but may have something close, like “U5PS,” which is designed to throw you off.

What are the dangers of clicking on the link provided?

You might be tempted to click a link just to see if it goes to a legitimate place, but this is dangerous, and experts warn against it. “Clicking on a malicious link may cause a consumer to be directed to a phishing website, where their personal information may be compromised,” Cute says. “Malicious links may also download malware on your device. Malware may contain spyware designed to steal your information, like usernames, passwords and credit card details. It may also give attackers remote access to your device.”

What should you do if you get one of these scam texts?

Unfortunately, most of us are receiving scam texts with increasing frequency, and stopping spam texts is a growing concern. According to Robokiller, an app that blocks spam calls and texts, Americans received 19.2 billion spam texts in November 2024, which is over 7,000 spam texts per minute. Here’s what to do if you receive a scam text.

Adopt a critical mindset

Cute recommends looking for red flags and pausing before taking any action. If you’re expecting a package and you think the text might be legitimate, look through your email for an official tracking number from the company and/or call the company to confirm whether it sent the text or not.

Delete it

If you get a scam text that’s seemingly from the U.S. Postal Service and recognize it before clicking on the link and giving away any personal information, delete it. “While it might be tempting to reply with an angry message, this might make you a greater target for scammers and hackers,” Geftic explains. That’s because a response lets bad actors know they’ve reached an active number. You might be tempted to reply “STOP,” but Sabaj says it’s best to just delete the message.

Block the number

Most messaging apps allow you to block a number directly from a text thread. Here are directions for blocking phone numbers on Apple and Android devices.

Report it

It’s a smart idea to report the attempt to scam you. Here are three steps you should take after receiving a Postal service scam text:

1. Forward the message to 7726 (SPAM) to report it to your carrier.
2. Report it to the U.S. Postal Service by emailing a screenshot to [email protected].
3. Report it to the FTC at ReportFraud.ftc.gov.

What should you do if you already clicked on the link?

If you already clicked on the link in the spam text, there are some things you can do to protect yourself. Here are five actions to take as soon as you realize the text was a scam.

Disconnect from the internet

Sabaj recommends disconnecting from the internet and immediately disabling your Wi-Fi and mobile data to limit malware activity. A quick way to do this is to put your phone in airplane mode.

Run a security scan

The next thing you should do is use antivirus software to check for malware or spyware. “If there is malware in your device, it must be removed before backing up your data,” Cute says.

Change your passwords

You’ll want to change your passwords ASAP. Start with any accounts linked to the scam, especially if they’re connected to banking information or your email.

Monitor accounts

After you’ve clicked on a suspicious link, you’ll be extra diligent about checking your bank and credit card statements for unauthorized transactions.

Report it

Follow the steps above for reporting cybercrime.

How can you avoid getting scammed via text?

What’s better than quickly reacting after being scammed? Avoiding a scam in the first place. Following the tips below will reduce your chances of becoming a victim of a U.S. Postal Service scam text.

Be skeptical of unsolicited messages

Treat unexpected texts with caution and maybe even suspicion, especially those requesting personal information.

Enable two-factor authentication

Enabling two-factor authentication might feel like creating an unnecessary extra step to take every time you want to access your accounts, but experts assure us that adding this extra layer of protection is much easier than fixing a mess created when your accounts are hacked.

Update your software

It’s important to update your phone’s software, which helps protect you from known vulnerabilities.

Consider a new phone number

“There isn’t a foolproof method to stop receiving scam texts, and for most people, the best thing to do is block the number,” Geftic says. “If you’re receiving several scam texts a day, it could be worth considering getting a new phone number, as your contact information could be being targeted more for a specific reason.”

Educate yourself and others

Educate yourself on common scams and share the knowledge with friends and family. If you remain vigilant and proactive, you can keep your personal information secure and avoid the heartbreak and hassle that are unfortunate byproducts of falling victim to a scam.

Why trust us

At Reader’s Digest, we’re committed to producing high-quality content by writers with expertise and experience in their field in consultation with relevant, qualified experts. We rely on reputable primary sources, including government and professional organizations and academic institutions as well as our writers’ personal experiences where appropriate. We verify all facts and data, back them with credible sourcing and revisit them over time to ensure they remain accurate and up to date. Read more about our team, our contributors and our editorial policies.

Sources:

• Adobe: “Cyber Monday Hits Record $13.3 Billion in Online Spending with Majority of Sales Driven by Mobile”
• United States Postal Service: “What is USPS Text Tracking?”
• Federal Trade Commission: “Impersonation scams: not what they used to be”
• Robokiller: “2023 United States robotext trends”
• Brian Cute, chief operating officer and capacity and resilience program director at the Global Cyber Alliance; email interview, December 2024
• Seth Geftic, vice president of product marketing at cybersecurity platform Huntress; email interview, December 2024
• Tony Sabaj, head of channel engineering at Check Point Software; email interview, December 2024
• Raj Dasgupta, senior director of global advisory at fraud-detection company BioCatch; email interview, December 2024

sydney watson for reader's digest

If You Hear This 4-Word Phrase, Hang Up

takasuu/Getty Images

Can iPhones Get Viruses?

Liudmila Chernetska/Getty Images

How Often You Should Reboot Your Router?