Fake Delivery Texts in Italy
Smishing messages posing as BRT, SDA, GLS or Poste Italiane trick Italian shoppers into surrendering card data or installing malware.
Part of: Fake Delivery Texts
Last reviewed: 1 June 2026
With Italy's e-commerce market growing rapidly, fraudulent delivery SMS messages — 'smishing' — have become one of the most common forms of phishing reported to the Polizia Postale. Messages claim a parcel is held by BRT, SDA, GLS or Poste Italiane and that a small customs fee or re-delivery charge must be paid to release it.
The timing often coincides with major Italian shopping events such as Black Friday, Natale and the summer sales period. Victims who click the link are taken to a convincing clone of the courier's website and asked to enter payment-card details.
How this scam works on Italy
The SMS typically reads: 'Il tuo pacco non e stato consegnato. Paga €1,99 per la riconsegna' followed by a shortened URL. The landing page replicates the official courier site exactly. After the victim enters card details and the small fee, the data is captured and used for larger unauthorised transactions.
Android users may also be prompted to install a malicious 'tracking app' that is actually FluBot or a similar banking trojan, which harvests credentials from banking apps and forwards them to attackers. The malware also harvests the victim's contacts and sends further smishing messages on their behalf.
In some variants the message arrives as a WhatsApp or Facebook Messenger notification rather than SMS, with the same fake courier branding.
Common red flags
- SMS from an unknown number about a delivery you did not initiate
- Link uses a URL shortener or a domain that is not the official courier site
- Request for card payment to release a parcel — legitimate couriers charge at door or via official app
- Prompt to install a mobile app from outside the official app stores
- Italian that contains unusual errors or auto-translated phrasing
- Message arrives during a major Italian retail season when you happen to be expecting parcels
How to protect yourself
- Track parcels only through official courier apps or by typing the URL directly
- Never install APK files sent via SMS or messaging apps
- If you have entered card details, contact your bank immediately to cancel the card
- Enable transaction alerts on your cards so you are notified of any unauthorised charge instantly
- Use virtual card numbers for online purchases to limit exposure
How to report it
- Polizia Postale smishing report: commissariatodips.it
- Your bank fraud team: call the number on the back of your card
- AGCM consumer protection: agcm.it — report deceptive websites
Frequently asked questions
I clicked a fake delivery link in Italy and entered my card details — what should I do?
Call your bank immediately to block the card and dispute any charges. Then change passwords on any banking app on your device, and run a security scan. Report the incident to the Polizia Postale.