Skip to main content
    Back to Alerts
    HIGH RISK
    smishing

    Package Delivery SMS Phishing Wave

    March 22, 2026Updated Mar 22, 2026US, CA, GB, AU
    SMS
    Mobile

    Overview

    A new wave of SMS phishing (smishing) attacks impersonating delivery services like USPS, UPS, FedEx, and Amazon. Fake delivery notification texts contain malicious links.

    Expert Analysis

    GetCyberRight Analyst Assessment

    This analysis was prepared by our security team based on verified threat intelligence and official sources.

    These SMS messages claim a package could not be delivered or requires address confirmation. The links lead to phishing websites that collect personal information and credit card details. The campaign intensifies during holiday shopping seasons and major sales events.

    Indicators of Compromise

    sms
    Your package delivery failed. Confirm address: [link]

    Typical message pattern

    domain
    Various domains mimicking USPS/UPS/FedEx

    Fake delivery tracking sites

    What You Should Do

    1

    Never click links in unexpected delivery notification texts

    2

    Track packages directly through the carrier's official app or website

    3

    Report suspicious texts by forwarding them to 7726 (SPAM)

    4

    Do not enter personal or payment information on unfamiliar websites

    5

    If expecting a package, check tracking through the original order confirmation email

    Sources

    Related Guides