A sophisticated phishing campaign impersonating the United States Postal Service (USPS) is targeting residents with fraudulent SMS and emails claiming an “incomplete address” for package delivery. Victims are directed to a cloned website that steals personal information and credit card details, including CVV and 3D-Secure codes, by prompting for a small re-delivery fee.
This phishing scam uses SMS or email impersonating DHL or USPS to lure victims with fake “delivery issues” or “small fees” into entering personal data, credit card details, and 3D-secure codes. The attackers create high-fidelity clones of tracking pages to steal financial credentials and use stolen SMS codes for fraudulent purchases. To stay safe, ignore links in messages, use official company apps for tracking, and never provide a CVV code for shipping address verification.
This logistics phishing case, targeting both DHL and USPS, uses “micro-payment” baiting, where attackers request a small fee to trick victims into providing full credit card details and 3D-Secure codes. The attack exploits high shipping volumes by sending SMS messages for fake “address errors” and collecting personal data on fraudulent sites designed to steal financial credentials.
Expert Security Tip: To avoid this threat, never click links in delivery text messages, but manually enter tracking numbers on official websites and carefully read bank SMS alerts for discrepancies in transaction amounts.