Fake USPS Account Takeover Phishing Scam
Phishing emails and texts impersonating USPS claim the recipient's USPS.com account has unusual activity and must be verified, harvesting login credentials. A compromised USPS.com account gives access to Informed Delivery mail scans, saved addresses, and package redirect settings.
Part of: Account Takeover Scams
Last reviewed: 7 June 2026
USPS.com accounts store genuinely sensitive information: your home address, Informed Delivery mail scans, package redirect settings, and for business shippers, shipping account details. The USPS account is also linked to the broader USPS digital ecosystem, making it a worthwhile credential target.
Phishing emails and texts impersonating USPS security alerts claim unusual activity on the account, prompting an urgent login. This format mirrors legitimate account security communications from many services, lowering the recipient's guard by feeling routine.
Real USPS.com security alerts are sent from @usps.com or @email.usps.com and direct you to sign in at usps.com — never to a third-party link. USPS.com supports two-step verification, which adds a significant barrier to account takeover even when a password is compromised.
How this scam works on the USPS brand
Phishing emails claim: 'USPS: We detected unusual login activity on your account. Verify your account to prevent suspension: [link].' The link opens a convincing replica of the USPS.com login page harvesting email and password.
With those credentials, the attacker can log in to the real USPS.com account, access Informed Delivery mail scans (which may show incoming financial documents), change delivery addresses, and redirect packages in transit.
Some attackers use compromised USPS.com accounts to register Informed Delivery at a victim's address in a separate identity-theft step, gaining a window into the victim's incoming physical mail.
Common red flags
- Unsolicited USPS email about unusual account activity with a verify link
- Link goes to a non-usps.com domain
- Email address is not from @usps.com or @email.usps.com
- No corresponding alert when you log in to usps.com directly
- Urgency: 'account suspended in 24 hours if not verified'
- Page asks for your USPS password on a non-usps.com site
- Email uses generic 'Dear Customer' rather than your account name
How to protect yourself
- Log in to usps.com by typing it directly in your browser — never via an email link
- Enable two-step verification on your USPS.com account
- Change your USPS.com password if you suspect compromise
- Check your Informed Delivery settings and package redirect preferences for unauthorised changes
- Report suspicious USPS emails to the USPIS
How to report it
- Report to the USPIS at postalinspectors.uspis.gov or 1-877-876-2455
- File a complaint with the FTC at reportfraud.ftc.gov
- Forward smishing texts to 7726
- Report phishing sites to [email protected]
- If identity theft occurred, visit identitytheft.gov
Frequently asked questions
What can a criminal do with my USPS.com account?
A stolen USPS.com account allows access to Informed Delivery mail scans, package redirect capabilities, and saved addresses. This information can be used for identity theft, intercepting physical mail, and committing further fraud.
How do I enable two-step verification on USPS.com?
Log in to usps.com, go to your account profile settings, and enable two-step verification. You will receive a one-time code by email or text each time you log in from a new device.