Smishing alert as fake UPS texts trick people into clicking dangerous links

Warning issued over fake UPS text alerts

Scammers are now using text messages that pretend to be from UPS to trick people into clicking harmful links. These messages usually claim that a package was missed, delayed, or needs a customs fee, and ask the recipient to tap a link for more information.

Once clicked, the link may lead to a fake UPS website designed to steal login credentials, credit card numbers, or install malicious software. The FBI and cybersecurity experts have warned that real delivery companies rarely ask for personal information through text messages.

How the scam unfolds step by step?

The fake UPS text typically starts with a short message about a supposed missed delivery. It may instruct the user to reply with “Y” or “YES” to reschedule or proceed. Once the reply is sent, a clickable link appears.

That link usually takes the person to a web page that looks almost identical to the real UPS site. The fake site asks for personal or financial details under the pretense of verifying a delivery. In some cases, the link may also download spyware or tracking tools without consent.

Why smishing is especially effective now?

Smishing, which refers to phishing through text messages, is becoming more effective because many people trust texts more than emails. Phone screens often shorten or hide full URLs, making it harder to spot fake links.

Scammers also time these attacks around major shopping seasons or when people expect deliveries. With online shopping at an all-time high, people are more likely to tap on a message that appears to be about a package. This false sense of urgency increases the chances of a successful attack.

Recent surge prompts FBI warning

The FBI has issued a formal alert about the rise in smishing attempts related to deliveries. One of the most common scams involves texts that claim an unpaid toll or customs fee is preventing a package from being delivered.

In 2024 alone, over two thousand such cases were reported involving similar language and links. Authorities have urged people not to respond to suspicious texts and to avoid clicking on any links unless verified through a delivery company’s official app or website.

Don’t click that UPS text without checking

According to TechRadar, fake UPS texts often use vague greetings like “Dear Customer” and lack tracking numbers or specific delivery details. They may come from unfamiliar phone numbers or use strange punctuation.

One of the biggest warning signs is the use of fake links that mimic UPS domains, such as URLs with slight spelling changes or extra symbols. Even replying to the message can activate follow-up scams. If you are not expecting a delivery, the safest option is to delete the message immediately.

Victims report stolen data and drained accounts

People who fall for these fake UPS texts often end up sharing sensitive information without realizing it. In some cases, victims have reported stolen credit card numbers, drained bank accounts, and unauthorized charges soon after clicking the link.

Others unknowingly downloaded malware that gave scammers remote access to their devices. This allowed criminals to monitor passwords, read messages, and even track location data. What starts as a harmless-looking delivery update can quickly turn into serious identity theft.

UPS confirms it does not send links for payments

UPS has made it clear that it does not ask customers to pay fees or provide personal information through unsolicited text messages. The company urges users to ignore such messages and to use official tracking through its app or website.

If a package does require a fee or signature, UPS will notify the recipient using proper delivery tags or verified email addresses. Any request involving urgent payments through a link should be treated as a scam.

Criminals exploit trust in well-known brands

Scammers use trusted brands like UPS because people recognize the name and are more likely to open the message. The fake texts often copy the company’s colors, logos, and phrasing to seem believable.

This type of scam is not limited to UPS. FedEx, DHL, and even postal services have been spoofed using similar techniques. The goal is to lower your guard by making the message feel familiar and legitimate at first glance.

Phone carriers work to block fake messages

Telecom companies in the United States have taken steps to reduce smishing attempts. Some carriers now filter suspicious texts and mark them as potential spam. Others block links from known scam domains before they reach the user.

Despite these efforts, many fake texts still slip through. Scammers regularly change phone numbers and web addresses to avoid detection. That is why individuals still need to stay cautious and avoid clicking on anything unexpected.

Scammers often target older adults

While anyone can be targeted, scammers often focus on older adults who may be less familiar with online safety. These victims are more likely to trust a message that looks official and may not notice subtle signs of fraud.

Family members and caregivers are encouraged to talk to older relatives about how these scams work. Simple steps, such as never clicking on unknown links or sharing payment information by text, can help prevent major losses.

Smishing tools are cheap and widely available

Scammers no longer need advanced technical skills to launch these attacks. Many use cheap software kits that automate the process of sending fake texts and creating fake websites.

Some kits even include templates that look like real delivery company pages. These tools are sold on the dark web and sometimes in open forums. This makes it easy for criminals to reach thousands of people with very little effort or cost.

Law enforcement tracks international smishing rings

These scams are not always the work of lone individuals. Law enforcement has found that many smishing attacks come from coordinated crime groups operating in multiple countries.

Authorities in the United States, Europe, and Asia have investigated smishing rings that use stolen SIM cards, fake websites, and bulk messaging systems to target victims around the world. These groups often switch tactics quickly to stay ahead of detection efforts.

Security experts urge stronger digital habits

Cybersecurity experts recommend simple but effective steps to avoid smishing. First, never click on links in unexpected messages, even if they appear to come from a trusted company.

Second, install a security app that warns you about unsafe websites and blocks malicious links. Finally, check all deliveries through official apps or websites by manually typing the address. These habits make it much harder for scammers to succeed.

Companies face growing pressure to warn users

Delivery companies like UPS, FedEx, and USPS have added warnings to their websites about smishing. Some include examples of fake messages to help customers recognize the signs.

There is also pressure on these companies to improve how they notify customers, so that scammers have fewer chances to exploit confusion. Clearer delivery alerts, verified contact methods, and public awareness campaigns are all part of ongoing efforts to reduce smishing success.

Fake UPS links may install hidden apps

Many of the fake UPS messages lead to websites that try to install malicious apps. These apps can secretly run in the background, recording what you type, accessing your photos, or using your phone’s microphone.

In some cases, the apps are disguised as delivery trackers or payment tools. On Android phones, they can install without the user noticing if certain settings are enabled. On iPhones, users are usually asked to approve the installation, but some still accept the prompt by mistake.

A lot of people don’t stay alert or check their phones closely, so they often miss small changes, and that’s exactly how scammers slip through. Here’s how to check if your phone was hacked.

Staying alert can prevent major damage

Smishing scams rely on people acting quickly without thinking. They create a false sense of urgency to trick you into clicking before asking questions.

Recognizing the signs and slowing down can make all the difference. If a message seems strange or too sudden, take a moment to verify it through official channels. One pause can save you from losing money, leaking private data, or putting your phone at risk.

Many people think using a strong password makes them completely safe, but that’s not the full story, because here’s why your passwords are useless without MFA & 2FA.

What do you think about this? Let us know in the comments, and don’t forget to leave a like.

Read More From This Brand:

• New SMS Scam Uses Elon Musk’s Face to Steal Money
• Watch Out for Google PayPal Phishing Scam
• Hackers Use $TRUMP Tokens in New Phishing Scam

Don’t forget to follow us for more exclusive content right here on MSN.

If you liked this story, you’ll LOVE our FREE emails. Join today and be the first to get stories like this one.

This slideshow was made with AI assistance and human editing.