FRAUD RESOURCE CENTER
En español | E-commerce is booming. Consumers love the ease and convenience of ordering products online and having them delivered to their doorsteps (or the doorsteps of gift recipients). Scammers love the trend, too, and have developed tricks to take advantage of the proliferation of packages, especially during the holiday season.
Their primary ploy is a phony delivery notification. With this scam, you’ll get an email or text message that claims to come from the U.S. Postal Service or a major delivery company like FedEx or UPS. The message may say that you need to confirm an order so it can be delivered, or that an unsuccessful attempt was made to drop off a package and you need to schedule another. Clicking a link in the email will take you to a company website where you can straighten things out.
In all likelihood, it’s a ruse. The scammer is hoping you order so many things online that you can’t keep track of all your purchases, or that you’ll assume it’s a gift from a friend or relative. The link takes you to a bogus site where you’ll be asked to enter personal or financial data, enabling a crook to use it for identity theft. The fake site might also be a launchpad for malware that harvests sensitive information from your device.
There are low-tech variations, too. Scammers might call you posing as employees from a delivery service, saying they need a credit card number or other sensitive data to reschedule a drop-off. Or they’ll leave a failed-delivery notice on your door with a number to call; if you do, the person on the other end will try to talk you into providing personal information to collect your purported package.
Some package crooks resort to even simpler means. These “porch pirates” watch for delivery vans that leave legitimately purchased merchandise at consumers’ doorsteps, ideally when the targets aren’t home, then swoop in and make off with the packages. A 2018 survey conducted by research firm SSRS for InsuranceQuotes.com found that 26.1 million Americans have had holiday packages stolen from their doorsteps or porches.
- You get an email or other communication about a delivery of something you don’t remember ordering.
- The message presses you to urgently make a payment or provide personal or financial information to facilitate a delivery.
- The message includes misspellings or poor grammar.
- A supposed delivery company email has a sender’s address or link with a slightly different version of a business name, such as fedx.com.
- Do be wary of unsolicited phone or electronic communications from a delivery service. Companies will usually alert you to a failed delivery by leaving a notice on your door.
- Do keep track of your online orders and their shipping status. Knowing what’s coming and when makes it easier to spot fake delivery messages.
- Do hover your cursor over links in a supposed delivery email to display the actual target URL.
- Do rely on safe ways to communicate with delivery companies. Call a confirmed customer-service number, or log on to a company’s official website and use the chat function.
- Do consider these steps to thwart porch pirates:
- Don’t respond to an unsolicited email claiming to be from a delivery service that asks you to provide, update or verify personal information.
- Don’t click on a link or open an attachment in an unsolicited email or text message that appears to be from a delivery company.
- Don’t give out personal or credit card information to a caller. Instead, find and call the company’s official customer-service number and ask if they were genuinely trying to contact you about a delivery.
- Don’t reveal your user ID or password for a delivery company’s website to a caller, or to anyone else.
- Don’t call the number on a delivery notice left on your door. If the notice names a company, call its official customer-service line to check on a supposed delivery.
- Don’t rely on official-looking logos or professional-sounding language as proof of authenticity. Scammers study and copy companies’ actual communications to make their ploys look and sound convincing.
- Report suspected package scams to the Federal Trade Commission, online or toll-free at 877-382-4357. If the scam occurred online, report it as well to the FBI’s Internet Crime Complaint Center.
- If you receive a suspicious message that claims to be from UPS, forward it to firstname.lastname@example.org for investigation, then delete the message.
- If the message appears to be from FedEx, or if you visit what you think might be a phony FedEx website, report it at email@example.com.
- Forward suspicious U.S. Postal Service emails to the U.S. Postal Inspection Service at firstname.lastname@example.org.
- If you have questions about a delivery notice from the U.S. Postal Service, visit its website or call 800-ASK-USPS (800-275-8777).
Published December 5, 2019
More From the Fraud Resource Center