Overview
A new wave of SMS phishing (smishing) attacks impersonating delivery services like USPS, UPS, FedEx, and Amazon. Fake delivery notification texts contain malicious links.
Expert Analysis
GetCyberRight Analyst Assessment
This analysis was prepared by our security team based on verified threat intelligence and official sources.
These SMS messages claim a package could not be delivered or requires address confirmation. The links lead to phishing websites that collect personal information and credit card details. The campaign intensifies during holiday shopping seasons and major sales events.
Indicators of Compromise
sms
Your package delivery failed. Confirm address: [link]Typical message pattern
domain
Various domains mimicking USPS/UPS/FedExFake delivery tracking sites
What You Should Do
1
Never click links in unexpected delivery notification texts
2
Track packages directly through the carrier's official app or website
3
Report suspicious texts by forwarding them to 7726 (SPAM)
4
Do not enter personal or payment information on unfamiliar websites
5
If expecting a package, check tracking through the original order confirmation email