Scam Types | March 18, 2026 | Leo

Fake Shipping Notification Texts: Beyond USPS and FedEx

TLDR

Fake shipping notification texts have expanded far beyond USPS and FedEx. In 2026, scammers impersonate USPS, FedEx, UPS, DHL, Amazon, OnTrac, and regional carriers using domains drawn from a pool of 74,032 malicious domains tracked in ScamVerify™'s URLhaus database. The domain data reveals that 81% of these malicious domains use .com extensions (60,047 domains), making scam links visually indistinguishable from legitimate carrier websites. Robocalls are up 16% year over year according to U.S. PIRG's 2026 report, and text-based delivery scams are growing even faster. These texts lead to credential harvesting pages, malware downloads, and financial theft.

The Scale of Fake Delivery Texts in 2026

Package delivery scams are the single most common type of smishing in the United States. The reason is simple math: Americans receive an estimated 21.5 billion packages annually (Pitney Bowes Parcel Shipping Index). At any given moment, most people are expecting at least one delivery. A text saying "your package could not be delivered" feels plausible almost every day of the year.

ScamVerify tracks the infrastructure behind these scams:

| Metric | Value | Source |
|---|---|---|
| Malicious domains in ScamVerify DB | 74,032 | URLhaus |
| Domains using .com extension | 60,047 (81%) | URLhaus/ScamVerify |
| Domains using .net extension | 4,000+ (5.4%) | URLhaus/ScamVerify |
| Domains using .org extension | 3,996+ (5.4%) | URLhaus/ScamVerify |
| US packages shipped annually | 21.5 billion | Pitney Bowes |
| Robocall increase (YoY) | 16% | U.S. PIRG 2026 |
| ScamVerify total threat records | 8 million+ | ScamVerify database |

Who Scammers Impersonate: The Full List

Fake delivery scams used to focus almost exclusively on USPS and FedEx. That has changed. In 2026, scammers rotate through every major carrier and logistics company to match their targets' likely shipping providers.

| Carrier Impersonated | Common Scam Text | Targeting Strategy |
|---|---|---|
| USPS | "USPS: Package held at facility. Confirm delivery address" | Highest volume, broadest audience |
| FedEx | "FedEx: Delivery attempted. Schedule redelivery" | Business shipments, higher-value targets |
| UPS | "UPS: Package requires signature. Update preferences" | E-commerce heavy buyers |
| Amazon | "Amazon: Your order cannot be delivered. Verify address" | Targets Prime members (200M+ globally) |
| DHL | "DHL Express: Customs fee required for international package" | International shipping, tariff confusion |
| OnTrac/LaserShip | "Regional Delivery: Package at local facility" | West Coast and East Coast regional targeting |
| Walmart | "Walmart: Delivery exception for order #WM-XXXXXX" | Growing e-commerce presence |

For a detailed breakdown of the USPS, UPS, and FedEx variants specifically, see our package delivery scam texts guide.

The Domain Problem: Why Links Look Legitimate

The most dangerous aspect of fake shipping texts is the link. ScamVerify's URLhaus data reveals why these links fool so many people:

81% of all malicious domains use .com extensions. That means the scam link in a fake FedEx text does not end in .xyz or .ru or some other obviously suspicious extension. It ends in .com, just like the real fedex.com.

Scammers register domains that combine a carrier name with plausible-looking suffixes:

| Pattern | Example | Why It Works |
|---|---|---|
| Carrier + "tracking" | usps-tracking-update.com | Matches expected URL structure |
| Carrier + "delivery" | fedex-delivery-notice.com | Plausible for notification links |
| Carrier + random string | ups-pkg-8847291.com | Looks like a tracking reference |
| Misspelled carrier | feddex-ship.com | Hard to spot on a phone screen |
| Carrier + "secure" | amazon-secure-delivery.com | Implies official and trustworthy |

These domains are cheap. Bulk registration costs as little as $1-$2 per domain through registrars that do minimal verification. A scam operation can register 100 domains in an afternoon and rotate through them as each one gets flagged and taken down.
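
The look-alike patterns in the table above can be checked mechanically. The following Python is an added example, not ScamVerify's code: it trusts only the five official domains this article names and flags any other host that carries a carrier name or a one-letter misspelling of one; the function names and verdict labels are assumptions.

```python
import re
from urllib.parse import urlsplit

# Official carrier domains named in this article; everything else is untrusted.
OFFICIAL = {"usps": "usps.com", "fedex": "fedex.com", "ups": "ups.com",
            "amazon": "amazon.com", "dhl": "dhl.com"}

def edit_distance(a, b):
    """Levenshtein distance, used to catch misspelled carrier names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_link(url):
    """Return (verdict, brand) for a link taken from a delivery text."""
    if "://" not in url:
        url = "//" + url  # let urlsplit parse scheme-less links
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    # Trust only an exact official domain or a true subdomain of one.
    for brand, domain in OFFICIAL.items():
        if host == domain or host.endswith("." + domain):
            return ("official", brand)
    # Otherwise look for a carrier name among the dot/hyphen-separated labels.
    for token in filter(None, re.split(r"[.-]", host)):
        for brand in OFFICIAL:
            if token == brand:
                return ("lookalike", brand)
            # Fuzzy match only for longer names; short ones (ups, dhl) would
            # collide with ordinary words at distance 1.
            if len(brand) >= 5 and edit_distance(token, brand) == 1:
                return ("misspelled", brand)
    return ("unrelated", None)

# Example domains from the table above, plus official links for contrast.
SAMPLES = ["https://usps-tracking-update.com/track", "feddex-ship.com",
           "ups-pkg-8847291.com", "https://www.fedex.com/tracking",
           "usps.com/manage"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", classify_link(s))
```

A verdict of "unrelated" only means no carrier name was found in the host; it is not a statement that the link is safe.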

What Happens When You Click the Link

Tapping a link in a fake shipping text leads to one of three outcomes:

1. Credential Harvesting Page

The most common outcome. The link loads a near-perfect replica of the carrier's website with a form asking for your name, address, phone number, and a "redelivery fee" payment. The fee is typically small ($1.50 to $4.99) to reduce suspicion. The real target is your credit card number. Within hours, the card is used for unauthorized purchases or sold on dark web markets.

2. Malware Download

Some links trigger a download, especially on Android devices. The malware may install a keylogger, banking trojan, or SMS interceptor. SMS interceptors are particularly valuable to scammers because they capture two-factor authentication codes sent to your phone, allowing them to bypass security on your bank accounts, email, and other services.

3. Subscription Trap

The link leads to a "free gift" or "prize" page that requires entering payment information for "shipping." This enrolls the victim in a recurring subscription that charges $29.99 to $49.99 per month for a product that never arrives. Cancellation requires finding and contacting a company that may not have a real customer service department.

How to Identify Fake Shipping Texts

Real carrier notifications and fake ones have consistent differences:

| Element | Legitimate Carrier Text | Scam Text |
|---|---|---|
| Sender | Short code (5-6 digits) or verified number | Random 10-digit phone number |
| Tracking number | Matches format you already have | Generic or missing entirely |
| Link domain | Official domain (usps.com, fedex.com) | Look-alike with extra words |
| Action required | Track at carrier site (no payment) | Pay a fee or "verify" information |
| Personal details | References your actual name/order | Generic "Dear Customer" or no name |
| Urgency | Standard update language | "Immediate action required" or countdown |

The single most reliable check: go directly to the carrier's official website or app and enter your tracking number. If the carrier has no record of a delivery issue, the text was fake.
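
The table's six elements translate directly into message-level triage rules. This Python is an added example, not ScamVerify's checker: the flag names, keyword lists and both sample messages are constructed for illustration, and `known_tracking` is an assumed input holding tracking numbers the recipient already has.

```python
import re

OFFICIAL = ("usps.com", "fedex.com", "ups.com", "amazon.com", "dhl.com")
HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)
PAY_RE = re.compile(r"\b(?:fee|pay|payment|verify)\b", re.I)
URGENT_RE = re.compile(r"immediate action|within \d+ (?:hours|minutes)", re.I)

def triage(sender, body, known_tracking=()):
    """Return the scam indicators from the table that apply to one text."""
    flags = []
    # Sender: carriers use 5-6 digit short codes, scams use ordinary numbers.
    if len(re.sub(r"\D", "", sender)) >= 10:
        flags.append("sender-10-digit")
    # Tracking number: a real update cites a number the recipient already has.
    compact = re.sub(r"\s", "", body)
    if not any(t in compact for t in known_tracking):
        flags.append("no-known-tracking")
    # Link domain: each host must be an official domain or a subdomain of one.
    for host in HOST_RE.findall(body):
        host = host.lower()
        if not any(host == d or host.endswith("." + d) for d in OFFICIAL):
            flags.append("link-off-domain")
            break
    # Action required: real updates never ask for payment or "verification".
    if PAY_RE.search(body):
        flags.append("asks-payment-or-verify")
    # Personal details: generic greeting instead of a name or order.
    if "dear customer" in body.lower():
        flags.append("generic-greeting")
    # Urgency: pressure language or a countdown.
    if URGENT_RE.search(body):
        flags.append("urgency")
    return flags

# Constructed samples, not real messages; the tracking number is a placeholder.
TRACKING = ("9400100000000000000000",)
LEGIT = ("28777", "USPS: 9400100000000000000000 is out for delivery. "
                  "Track at usps.com/manage")
SCAM = ("+1 202-555-0143", "Dear Customer, USPS package held. Immediate action "
                           "required: pay $1.99 redelivery fee at "
                           "usps-tracking-update.com/r")

if __name__ == "__main__":
    print(triage(*LEGIT, known_tracking=TRACKING))
    print(triage(*SCAM, known_tracking=TRACKING))
```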

Carrier-Specific Tracking Verification

Do not click links. Use these official channels instead:

  • USPS: usps.com/manage or text your tracking number to 28777 (2USPS)
  • FedEx: fedex.com/tracking or the FedEx app
  • UPS: ups.com/track or the UPS My Choice app
  • Amazon: amazon.com/orders or the Amazon app
  • DHL: dhl.com/tracking or the DHL Express app

What to Do If You Receive a Fake Delivery Text

  1. Do not tap the link. The link is the entire attack. Without a click, there is no threat.
  2. Forward the text to 7726 (SPAM) to report it to your wireless carrier.
  3. Block the sender number, though scammers rotate numbers constantly.
  4. Report to the FTC at reportfraud.ftc.gov.
  5. Verify the message at the ScamVerify text checker to check the sender and any URLs.
  6. If you already clicked and entered information, contact your bank immediately, change passwords for any accounts you accessed through the link, and monitor your credit reports.

Understanding what happens when you tap a malicious link is critical. Our guide on what happens when you click a scam text link covers the full technical chain from click to compromise.

FAQ

Why do fake shipping texts always ask for a small payment?

Small fees ($1.50 to $4.99) are deliberately chosen to avoid triggering fraud suspicion. Most people will pay $3 to get a package without questioning it. But the real goal is not the $3. It is your credit card number, which scammers use for larger unauthorized purchases or sell on dark web marketplaces where stolen card data trades for $10 to $50 per card.

How can I tell if a USPS text is real?

USPS sends legitimate tracking updates only if you opted in through Informed Delivery at informeddelivery.usps.com. Legitimate USPS texts come from short codes (like 28777), reference a tracking number you already have, and never ask for payment or personal information. Any USPS text from a regular 10-digit phone number asking you to click a link or pay a fee is a scam.

Why are .com domains used in scam texts if .com is supposed to be trustworthy?

The .com extension has no security verification built in. Anyone can register a .com domain for $10 to $15 per year with minimal identity checks. ScamVerify's URLhaus data shows 60,047 malicious domains using .com, representing 81% of all tracked malicious domains. Scammers prefer .com precisely because consumers associate it with legitimacy.

I clicked a link in a fake delivery text. What should I do now?

If you entered payment information, contact your bank or credit card company immediately to freeze the card and dispute any charges. Change passwords for any accounts you accessed after clicking. Run a malware scan on your phone. Monitor your credit reports at annualcreditreport.com for new accounts you did not open. File reports with the FTC at reportfraud.ftc.gov and your carrier by texting 7726.
