For nearly two decades, I've had the profound privilege of teaching older adults to embrace and understand technology. And in all that time, one constant remains: the human element. We're all busy, we all have moments of distraction, and we all want to believe the best in people. Unfortunately, scammers prey on these very human tendencies, especially when it comes to something as seemingly innocuous as a text message about a package. I 'm Suzy Ahn, and today we're going to unpack (pun intended!) one of the most prevalent and insidious tricks out there: the package delivery text scam.

It seems almost daily that a new wrinkle appears in the world of digital deception. But the "package delivery" text scam has proven remarkably persistent because it touches on something universal: the expectation of a package. Whether it's a birthday gift, a grandchild's school project, or that new gadget you ordered, we're all awaiting something. And that anticipation is precisely what these scammers exploit.

Last Tuesday, a 78-year-old reader emailed me with a screenshot of a text message. It said, "Your UPS package is waiting for payment of a small fee to finalize delivery. Click here: [suspicious link]." She was quite distressed, as she'd been expecting a new set of garden tools. "Suzy," she wrote, "I almost clicked it! It looked so real!" This is exactly why we need to talk about this. These aren't clumsy, obvious emails anymore; these are sophisticated, convincing traps.

What Exactly *Is* a Package Delivery Text Scam?

At its heart, a package delivery text scam is a type of "smishing" – that's phishing, but via SMS (text message). The scammer sends you a text message designed to look like it's from a legitimate delivery service like USPS, FedEx, UPS, or even Amazon. The message usually creates a sense of urgency or concern, prompting you to click a link.

Common scenarios include:

• "Your package has an unpaid shipping fee."
• "Delivery attempt failed. Reschedule here."
• "Your package is being held due to an incorrect address."
• "Confirm your delivery preferences for package [tracking number]."
• "There's an urgent update regarding your shipment."

The goal is always the same: get you to click that link. Once you do, you're often led to a fake website that looks remarkably like the real delivery company's site. This fake site then tries to harvest your personal information – credit card numbers, bank details, passwords, social security numbers, or other sensitive data. Sometimes, merely clicking the link can even covertly install malware on your device, which can then steal information in the background.

Why These Scams Are So Effective (And Why You're Not Alone)

These scams are incredibly effective for several reasons, and it has nothing to do with how "tech-savvy" you are. It's about human psychology and the sheer volume of legitimate online activity we all engage in.

1. Ubiquity of Online Shopping: We order so much online these days! It's easy to forget what's coming when. A text about an unexpected package can easily slip past our guard.
2. Sense of Urgency: Scammers are masters of creating panic. Phrases like "urgent," "action required," or "your package will be returned" push us to act without thinking clearly.
3. Sophistication: Gone are the days of misspelled words and obviously fake graphics. These scam texts often have perfect grammar and persuasive language. The fake websites often mirror the actual delivery services' branding almost perfectly.
4. Personalization Attempts: Sometimes, these scams might even use your name, or a tracking number that looks plausible, making them seem more legitimate. They might gather this information from data breaches or simply guess.
5. "Just in Case" Mentality: Many of us think, "What if it *is* real? What if I miss an important package?" That doubt is all a scammer needs.

I remember one of my students, bless her heart, a wonderfully spry gentleman named Arthur, who was always skeptical. He'd been using an iPhone for years (he had an iPhone 13 Pro Max then, running iOS 16 at the time, now updated to iOS 17 of course!) and thought he knew all the tricks. One day, he brought in his phone with a text from "USPS" about a package being held. He hadn't ordered anything in weeks! But his daughter, who lives out of state, often sends him gifts without telling him. "It sounded just like something she'd do," he explained, "a little surprise!" He was only minutes away from entering his credit card details for a supposed $2 "redelivery fee." It was only his ingrained habit of checking with me that saved him. It goes to show, even the most vigilant among us can be caught off guard.

Red Flags: How to Spot a Fake Delivery Text

Becoming an expert scam-spotter is less about memorizing every trick and more about developing a healthy skepticism. Here are the key indicators to look for:

1. Unexpected Texts: Did you order something recently? If not, be highly suspicious of any text claiming to be about a package. Even if you did order something, cross-reference it with your order confirmations.
2. Demands for Immediate Action/Sense of Urgency: "Act now or your package will be returned!" "Final notice!" "Payment required within 24 hours!" Legitimate companies usually give you ample time and clear instructions.
3. Requests for Personal Information: Official delivery services rarely, if ever, ask for sensitive information like your social security number, bank account details, or extensive personal data via text message to resolve a delivery issue. They already have most of what they need.
4. Small "Fees" or "Taxes": Be extremely wary of requests for small payments (like $0.99, $1.99, or $2.99) to release a package. This is a classic tactic to get your credit card information, which they can then use for much larger, unauthorized purchases.
5. Suspicious Links: This is the biggest red flag! The link provided in the text will often look odd.
• Look at the domain: It might say something like "ups-tracking.co" instead of "ups.com" or "fedex-update.xyz" instead of "fedex.com." The core domain (the part right before .com, .org, .net, etc.) should be the official company name. Even if it *looks* legitimate, don't trust it without verifying.
• Random characters: A link full of random letters and numbers is a dead giveaway.
• Shortened links: Services like bit.ly or tinyurl are often used by scammers to obscure the true destination of the link. While legitimate companies sometimes use these too, proceed with extreme caution.

A good rule of thumb: Never click on a link in an unexpected text message. If you are concerned about a package, open your browser (Safari on an iPhone, Chrome on an Android phone) and go directly to the official website of the delivery service (e.g., ups.com, fedex.com, usps.com, amazon.com). Log in there or enter your tracking number on their official site. That's the safest way to verify.

6. Generic Greetings: Often, these messages will start with a generic greeting like "Dear Customer" instead of your actual name. While not always a scam indicator (some legitimate automated messages are generic), it's another piece of the puzzle.
7. Poor Grammar or Spelling (Less Common Now): While older scams were rife with errors, modern scammers have improved. Don't rely solely on this, but if you do see mistakes, it's a sure sign of a scam.

For more general advice on spotting these kinds of digital traps, I highly recommend reading our article: How to Spot Phishing Text Messages. It covers many of the broader principles that apply here too.

What Happens If You Click the Link?

The outcomes can vary, none of them good:

• Phishing for Information: You're taken to a fake website designed to look exactly like the real thing. It'll ask you for your name, address, current password, credit card number, security code, and maybe even your Social Security number or date of birth. Entering this information hands your data directly to the scammers.
• Malware Installation: In some cases, simply clicking the link can trigger the download of malicious software (malware) onto your phone or tablet. This malware can then spy on your activities, steal information in the background, send premium text messages without your knowledge, or even lock your device and demand a ransom (ransomware).
• Subscription Scams: Some links might secretly subscribe you to expensive premium services, adding charges to your phone bill.
• Identity Theft: With enough personal information, scammers can open new credit accounts in your name, empty your bank accounts, or commit other forms of identity fraud.

How to Protect Yourself and Your Loved Ones

Prevention is always better than cure, especially with these kinds of scams. Here's what I tell all my students:

1. Never Click the Link: I cannot emphasize this enough. If you didn't expect a text about a package, or even if you did but something feels "off," do NOT click any links.
2. Go Directly to the Source: If you're genuinely concerned about a package, open your phone's web browser (whether it's Safari on your iPhone or Chrome on your Android device). Type out the official website address yourself (e.g., fedex.com) or use a bookmark you know is legitimate. Then, log in or use your known tracking number.
3. Verify the Sender: Check the sender's phone number. While scammers can spoof numbers, often they use unusual numbers that don't look like standard company contact numbers.
4. Enable Multi-Factor Authentication (MFA): For all your important online accounts (banking, email, social media, shopping sites), turn on multi-factor authentication. This adds an extra layer of security, usually requiring a code from a text or an authenticator app in addition to your password. Even if a scammer gets your password, they can't access your account without that second factor.
5. Keep Your Software Updated: Make sure your smartphone's operating system (like iOS 17/18 on an iPhone or Android 14/15 on an Android phone) is always up to date. These updates often include crucial security patches that protect against new threats. You can usually find this under Settings → General → Software Update (iOS) or Settings → System → System update (Android, though paths can vary slightly by manufacturer like Samsung or Google Pixel).
6. Use Good Antivirus/Security Software: While built-in phone security is strong, consider a reputable mobile security app for an extra layer of protection, especially for Android devices.
7. Educate Yourself and Others: Share this information! Talk to friends, family, and neighbors. The more people who are aware, the fewer victims there will be.
8. Consider Blocking Unknown Senders: On an iPhone, you can go to Settings → Messages → Message Filtering, and turn on "Filter Unknown Senders." This puts messages from numbers not in your contacts into a separate list. On Android, your Messages app generally has options to block numbers; look for it in the settings or by long-pressing a message.

Reporting These Scams: Your Role in Fighting Back

You can help combat these scams, even if you didn't fall for them:

1. Forward the Text to 7726 (SPAM): This is a free service provided by cellular carriers in the U.S. and Canada. Simply forward the suspicious text message to the number 7726. Your carrier will use this information to investigate and block similar messages in the future. You might be asked to provide the sender's number.
2. Report to the FTC: The Federal Trade Commission (FTC) collects reports of scams. You can file a report at reportfraud.ftc.gov.
3. Report to the Anti-Phishing Working Group (APWG): You can report suspicious emails and texts to reportphishing@apwg.org.
4. Contact the Company Being Impersonated: If the scam is pretending to be from a specific company (like UPS or Amazon), you can often find a dedicated fraud reporting email or page on their official website.

What to Do If You've Already Clicked the Link or Shared Information

Don't panic, but act quickly. It happens to the best of us.

1. Disconnect from the Internet: Immediately turn off Wi-Fi and cellular data on your phone. This prevents any further data transmission by malware.
2. Change Passwords: If you entered any passwords on the fake site, change them immediately on all accounts where you use that password. Start with your email, banking, and shopping accounts.
3. Contact Your Bank/Credit Card Company: If you entered credit card or bank details, call your bank and credit card companies instantly. Explain the situation, cancel cards, and monitor your statements closely for any unauthorized transactions.
4. Run a Scan: If you have mobile security software, run a full scan.
5. Factory Reset (Last Resort): If you suspect malware and can't remove it, a factory reset might be necessary. But be warned, this will erase all data on your phone. Make sure your important photos and documents are backed up first!
6. Monitor Your Credit: Keep a close eye on your credit reports for any suspicious activity. You can get free annual credit reports from annualcreditreport.com.

These scams are a persistent nuisance, but with awareness and a few careful habits, you can protect yourself and your peace of mind. Remember, if something feels off, it usually is. And when in doubt, "when in doubt, check it out" – but always by going directly to the official source yourself. Stay vigilant, stay safe, and keep those digital defenses strong!