A high-level UPS phishing scam where attackers use fake “address correction” messages to steal credit card data and 3D-Secure codes. This logistics-based threat exploits urgent SMS or email notifications to lure victims to a fraudulent site designed to harvest personal information and payment details, often by requesting a nominal re-delivery fee.
🛡️ Cybersecurity Measures: How to Avoid UPS “Delivery Fee” Phishing
To protect your financial data and personal information from international shipping scams, follow these essential safety rules:
1. The “Small Fee” Red Flag (Micro-payments)
Phishing sites often claim that a tiny amount (e.g., $1.99 or 2.00€) is required for “customs clearance” or “redelivery.”
- Action: This is a psychological trick. Legitimate shipping companies like UPS do not request such payments via SMS links. If a site asks for your CVV code (the 3 digits on the back of your card) to pay a minimal fee, it is 100% a scam designed to harvest your full credit card credentials.
2. Verify the Official Domain (The URL Rule)
Scammers use deceptive URLs that look official at first glance (e.g., ups-package-check.com, tracking-ups-verify.net, ups-redelivery-service.xyz).
- Action: The only official website for UPS is ://ups.com. Before entering any details, ensure the address bar shows exactly this domain. Any variation, even with “ups” in the name, is fraudulent.
3. Ignore “Action Required” SMS/Email Links
Scammers send “Smishing” (SMS phishing) messages claiming: “Your package is held at our hub due to a missing house number. Please update your details here.”
- Action: UPS never sends unsolicited text messages asking for personal or payment information in exchange for package delivery. If you receive such a text, do not click the link.
4. Use the Official UPS Tracking Tool
If you are genuinely expecting a shipment, verify its status through secure, official channels only.
- Action: Go to ://ups.com manually and enter your tracking number directly, or use the official UPS Mobile app. If there is a real issue with your address or a pending fee, it will be clearly flagged there without needing to follow a suspicious link.
5. Look for “Urgent” Countdown Tactics
Phishing pages often feature timers or warnings like “Your package will be returned to sender in 12 hours” to force you into making a mistake.
- Action: Stay calm. Check the sender’s email address or phone number. If the email comes from a public domain (like @gmail.com or @outlook.com) or the phone number is a standard 10-digit mobile line, it is a scam.
6. Report the Fraud
Reporting helps prevent others from falling victim to the same infrastructure.
- Action: You can report UPS-themed phishing by forwarding the fraudulent email to [email protected] or by using your phone’s “Report Junk” feature for SMS messages.