Suspicious delivery message? Start with what it asked you to do.

A delivery scam usually makes a normal package issue feel urgent: a missed delivery, address problem, tracking update, customs fee, redelivery fee, postage due, or package hold. The message wants you to click, pay, enter card details, update personal information, download something, or call a number before you verify the delivery another way.

A real package delay can happen. A real carrier or retailer may send delivery updates. The risk comes from what the message asked you to do and what happened after you opened it.

Fake delivery texts versus real delivery notices

Real delivery notices usually connect to something you can verify outside the message: an order you placed, a tracking number that works on the official carrier site, a retailer order page, or a delivery app notification you already use. A suspicious notice tries to make the link in the message feel like the only way to fix the problem.

The safest check is boring but reliable. Do not use the text or email link as the test. Type the carrier site yourself, open the real carrier app, open the retailer account, or use a saved bookmark. If the message claims to be from USPS, FedEx, UPS, DHL, Amazon, or a local courier, verify through that real account or site rather than through the link.

• Do not use a message link to prove the message is real.
• Do not call a number from a suspicious delivery message.
• Be careful with shortened links, extra words around a brand name, and domains that look close but are not the carrier's real domain.
• A real-looking logo, tracking number, or urgency countdown does not prove the notice is real.
• If you are expecting a package, check the retailer order page and carrier tracking separately.

Redelivery fees, address updates, customs charges, and small payments

This is the strongest part of many delivery scams. The request feels small and normal: pay $0.30, $1.99, $4.96, or another low amount to release or reschedule a package. The fee is not the main prize. The payment form can collect your card number, billing address, phone, email, and sometimes enough information to try follow-up charges or account access.

Address-update pages work the same way. They make the form sound like a delivery fix, then collect contact information that can make later texts, calls, and emails sound more personal. Customs and postage claims need extra care because legitimate duties, taxes, or postage due can exist. The safer question is whether the fee appears in the official carrier, retailer, marketplace, or customs process you reached yourself.

If you clicked the delivery link

A common fear is that clicking one fake delivery link automatically means the phone or computer is compromised. That is not the right assumption. A link can be risky, and some pages can try to download files or push app/profile prompts, but many delivery scams still depend on the next action: typing information, paying, logging in, approving a code, or installing something.

Think through what happened, then act on that. Did the page load? Did it ask for card details, address, login, or a one-time code? Did it say the payment failed? Did it ask you to download an app, install a profile, open a file, allow notifications, or call a number?

• Clicked and page did not load: close it, do not test it again, and save the message if you plan to report it.
• Clicked and entered nothing: check for downloads, prompts, browser permissions, or account alerts, then verify the package outside the message.
• Clicked and typed but did not submit: treat the information as possibly exposed if the page may have captured it as you typed or through autofill.
• Clicked and downloaded something: do not open it again; remove unknown apps, files, profiles, extensions, or permissions.
• Clicked and called a number from the page: write down what was said and act based on any information or code you shared.

If your concern is mainly about whether your phone, app, browser, or account changed after the click, the ScamClarity page on phone and account compromise concerns can help separate a normal browser scare from a real account or device issue.

If you entered card, address, login, or personal information

The response changes with the information entered. A name, address, phone number, and email can lead to more believable follow-up scams. A card number or bank login needs financial action. A password or one-time code points to account security. SSN, ID images, date of birth, or tax details create identity-risk concerns.

• Card number, expiration date, CVV, or billing address: contact the card issuer quickly and ask about replacement, pending charges, disputes, and monitoring.
• Bank account or bank login: contact the bank through the official app, website, card, statement, or known phone number.
• Delivery account, Amazon account, email account, Apple ID, Google account, or Microsoft login: change the password from the real site and review recent sign-ins, recovery details, and connected devices.
• One-time code: treat it as possible approval of a login, password reset, account change, phone-number transfer, or payment.
• Name, address, phone, and email only: watch for follow-up messages that mention the same package, carrier, address, or fee.
• SSN, ID image, date of birth, or other sensitive identity details: use official identity-theft resources if misuse is suspected or starts appearing.

For deeper information-exposure steps, use the ScamClarity page on what to do when a scammer has your information.

Fake tracking numbers and fake orders

A tracking number can look convincing and still not prove the message is real. It may be fake, copied from another shipment, expired, unrelated to you, or real but paired with a scam link. Some scams use a real carrier name and a vague tracking-like number to make the message feel specific.

Check the tracking number only on the official carrier site or app. Then compare the carrier, sender, destination, order number, purchase date, and delivery status against the retailer or marketplace account you used. If the message arrived when you were not expecting a package, or if it names no real sender or order, treat it more carefully.

• A real tracking result should match a shipment you recognize.
• A tracking number that works but belongs to another destination, sender, or old shipment does not validate the message link.
• If the order came from a marketplace seller, verify through the marketplace order page rather than the seller's text link.
• If the message says Amazon, check your Amazon order history directly rather than entering information from the text.
• If a seller uses a tracking number to pressure you into off-platform payment, pause and verify the order separately.

What not to do now

What to save

Save evidence before deleting the message if you can do that safely. A clear record helps the carrier, card issuer, bank, platform, FTC, IC3, FCC, USPIS, or local police understand what happened.

Where to report or act

ScamClarity is not an official reporting destination. Report in the places that can act on the message, payment, account, or impersonation.

• Use your phone or email app's report junk, report spam, or block option when available.
• Forward scam texts to 7726, which spells SPAM, when your carrier supports it.
• For USPS-related package smishing, follow USPIS reporting steps and include the message, sender, date, screenshot, and what happened.
• Report consumer fraud to FTC ReportFraud.
• Report internet-enabled fraud, losses, or account compromise to IC3.
• Report unwanted calls or texts through the FCC complaint center when appropriate.
• Report impersonated carriers through official carrier channels when available, such as FedEx, UPS, or DHL fraud reporting pages.
• Contact the card issuer, bank, payment provider, retailer, marketplace, account provider, or carrier through official channels if payment or account information was entered.

For U.S.-specific reporting context, the ScamClarity United States scam reporting page explains how FTC, IC3, IdentityTheft.gov, local police, and providers fit together.

How this overlaps with smishing and phishing

Delivery scams often arrive by text, email, QR code, voicemail, or a fake tracking page. If it came by text, it is also a smishing situation. If it came by email, link, QR code, or fake login page, it also overlaps with phishing. This page focuses on the delivery-specific clues: redelivery fees, address fixes, customs claims, package holds, fake tracking, and carrier impersonation.

Use the broader smishing page if the main issue is a text-message link, reply, 7726 reporting, or phone-specific concern. Use the broader phishing page if the main issue is a suspicious email, attachment, login page, QR code, or link across channels.

Official sources used

These sources support the practical steps in this article. They are listed by purpose rather than as a long reference dump.

FAQ

How can I tell if a delivery text is fake?

Treat it as suspicious if it is unexpected, pushes you to use a link, asks for a redelivery fee, asks for card or bank details, asks for an address update, uses a shortened or strange URL, gives no real sender or order context, or pressures you with a deadline. Check the package through the official carrier or retailer, not through the message.

What if I clicked a fake delivery link but entered nothing?

Close the page and do not open it again. Check whether anything downloaded, whether a profile or app prompt appeared, whether browser permissions were allowed, or whether any account alerts appeared. A click alone is different from submitting a card number, password, code, or personal information.

What if I entered my card number for a redelivery fee?

Contact the card issuer quickly using the number on the card, the official app, or the official website. Ask about card replacement, pending charges, disputes, monitoring, and whether any attempted recurring charges or authorization holds appear.

Is a small delivery fee always a scam?

No. Some shipping, customs, duties, taxes, or postage charges can be real in specific situations. The unsafe part is paying through an unexpected message link. Verify fees through the official carrier, retailer, marketplace order, or customs process you reach yourself.

Should I call the number in a delivery text?

No, not if the message is suspicious. Look up the official carrier, retailer, marketplace, bank, or card issuer contact information yourself. A fake number can lead to someone asking for card details, login information, remote access, or one-time codes.

What if the tracking number looks real?

Check it only through the official carrier site or app. A tracking number can be fake, copied, expired, unrelated, or attached to a real shipment that is not yours. Compare it with your retailer order page, sender, destination, and expected delivery.

How do I report a fake delivery text?

Use your phone's report junk or spam option, forward the text to 7726 when your carrier supports it, and report consumer fraud to FTC ReportFraud. For USPS-related package smishing, follow USPIS reporting steps. Use IC3 for internet-enabled fraud, losses, or account compromise.

Is this the same as smishing?

If the delivery scam came by text message, yes, it is a form of smishing. If it came by email, QR code, fake website, voicemail, or app message, it may be phishing, vishing, or another impersonation pattern. The delivery-specific risk is what the notice asked you to click, pay, update, download, or share.