Fake Delivery Texts
Smishing messages posing as couriers asking for a small fee or login to 'reschedule' delivery.
Last reviewed: 1 June 2026
What this scam is
Fake delivery texts, also called smishing (SMS phishing), impersonate parcel couriers, national postal services, and logistics companies. They send a text or messaging app notification claiming that a delivery attempt has failed, that a small customs or redelivery fee is outstanding, or that you need to confirm an address to release a parcel. The message contains a link to a phishing page that closely mimics the courier's real website.
The goal is to steal card details and personal information, which are then used for financial fraud or sold to other criminals. The small fee — often just a few pounds or dollars — is not the primary target. It is a pretext to get a victim to enter full card details on the fake page.
These messages are sent in bulk to large numbers of phone numbers, many of which belong to people who genuinely are expecting parcels. This overlap with real shopping activity makes the messages feel plausible, and the timing often seems coincidental.
How it works
The scam begins with a text or WhatsApp message that appears to come from a familiar courier name. The message is typically brief and urgent: a parcel is held, a small fee is due, or delivery will be returned in 24 hours. A link is included.
Clicking the link takes the victim to a page that copies the courier's visual design, colour scheme and logo. The page asks for a small payment, typically a convincing amount for a customs or redelivery charge. To make the payment, the victim enters their full card number, expiry date, and security code, along with their name and sometimes address.
This information goes directly to the scammers. The card details are used for fraudulent purchases, or the full set of personal details is sold. Some sites also harvest login credentials by presenting a fake courier account login page. Because the fee is small and the design is convincing, many people complete the form before becoming suspicious.
Why this scam works
The effectiveness of fake delivery texts comes from timing and plausibility. Most people order things online regularly, so a message about a parcel feels relevant even when it is not. The small fee reduces resistance — it seems like a minor inconvenience, not a threat. The urgency (return to sender, 24-hour deadline) discourages careful thought.
Smishing messages also benefit from mobile browsing habits. On a small screen, it is harder to inspect a URL carefully, and people are less likely to independently navigate to the courier's official site to verify. The combination of a trusted brand name, a small financial ask, and a deadline creates a powerful push toward compliance.
A typical pattern
A person receives a text claiming their parcel could not be delivered and a small redelivery fee is due. They tap the link, which opens a page that looks exactly like the courier's website. They enter their card details to pay the fee. Within hours, they notice unfamiliar transactions on their card — much larger than the original fee. They contact their bank, which confirms the card details were used fraudulently. The original parcel, meanwhile, is delivered normally the next day through the real courier.
Common red flags
- A small fee demanded to release a parcel via a text link
- Links to a non-official courier domain
- Urgency and a short deadline to pay or lose the parcel
- Requests for full card and personal details for a 'small' payment
- Unexpected text from a courier when you are not expecting a parcel
- The link in the message does not match the courier's official website domain
- Message asks you to 'verify' your address by entering details on a linked page
Sanitized example messages
Illustrative, sanitized examples. Personal details are replaced with placeholders such as [phone number] and [fake link].
Your parcel is held pending a [amount] redelivery fee. Pay now at [fake link] to avoid return.
We attempted delivery of your parcel today. Schedule redelivery and pay your [amount] fee at [fake link] within 24 hours.
Your parcel has been held at customs. An import fee of [amount] is due. Pay at [fake link] to release your item.
Please confirm your delivery address to release your parcel: [fake link]. Delivery will be attempted tomorrow.
Your parcel could not be delivered. Reschedule for free within 12 hours: [fake link].
Common variations
- Fee-to-release variants claiming a customs or import duty is owed
- Address-confirmation variants asking you to 'verify' your delivery address
- Login-harvesting variants presenting a fake courier account login
- WhatsApp variants with the same phishing link sent via messaging apps
- Email smishing variants mimicking courier delivery notifications
- Follow-up calls from 'courier support' after the initial text to collect more details
How to verify before you act
Never click the link in a delivery text. Instead, go directly to the courier's official website by typing the URL yourself, or open the courier's official app. Enter the tracking number from your original order confirmation to check the real status of your parcel.
If you are unsure which courier is handling a parcel, check the order confirmation email from the retailer — it will usually name the courier and provide a tracking link. Genuine couriers may send texts with tracking links, but they do not typically demand fees via SMS links, and their links will clearly show their own official domain rather than a lookalike.
If you received a text and want to check its legitimacy without clicking, you can copy just the URL (without clicking) and check it against the official courier domain name.
Payment methods used
- Small 'redelivery' fees
- Card details harvested
Who is usually targeted
- Anyone expecting a parcel
- Frequent online shoppers
What to do immediately
- Do not click the link — check parcel status only via the courier's official app or website
- If you clicked the link but did not enter details, close the browser and do nothing further
- If you entered card details, contact your bank or card provider immediately to report and block
- Change any passwords if you also entered login credentials on the fake page
- Screenshot the original text message as evidence before deleting it
- Report the message to your national fraud reporting service (e.g. forward to 7726 in the UK)
- Delete the text after reporting to avoid accidentally clicking in future
How to prevent it
- Never click links in unexpected delivery texts — go directly to the official courier site
- Check parcel status using the tracking number from your original order confirmation
- Know that genuine couriers do not typically demand fees via SMS links
- If a fee is genuinely owed for customs, it will be presented by the official courier at the door or via official post
- Look carefully at the URL in any delivery link before tapping — it should be the courier's official domain
- If you have entered card details, contact your bank immediately to block the card
- Report suspicious texts to your national anti-fraud reporting service
Evidence to preserve
- The original text message and sender number
- The full URL from the link (copy it without clicking if possible)
- Screenshots of the fake payment page if you visited it
- Any payment receipt or card statement showing the charge
- The date and time the message was received
Where to report it
- Action Fraud (UK) — UK national fraud & cybercrime reporting centre
- FTC ReportFraud (US) — US Federal Trade Commission fraud reports
- FBI IC3 (US) — US Internet Crime Complaint Center
- Scamwatch (Australia) — Australian competition & consumer reporting
- Your bank's fraud line — Use the number on the back of your card or in your banking app — never a number the caller gives you
Always verify reporting routes and emergency contacts on the official government or agency website for your country.
Frequently asked questions
Do couriers ask for fees by text?
Genuine couriers rarely demand small fees via text links. Verify any delivery only through the official courier app or website using the tracking number from your order confirmation.
I clicked the link but did not pay — am I safe?
Visiting the link alone is less likely to cause immediate harm than entering details, but some phishing pages attempt to install malware. Monitor your device and accounts, and consider running a security scan.
How do scammers have my phone number?
Numbers are often sent to in bulk without specific targeting — scammers send millions of messages hoping some recipients happen to be expecting parcels. Your number may also come from data breaches.
The fee was only a small amount. Why would that be a scam?
The small fee is a pretext. The real goal is to get you to enter your full card details on a convincing fake page. Those details are then used for larger fraudulent transactions.
Can I get money back if I paid the fake fee?
Contact your bank immediately. If you paid by card, you may be able to dispute the charge. Alert your bank to any further suspicious transactions and ask whether a new card number is advisable.
What does a real courier text look like?
Real courier texts typically include a tracking number, confirm an expected delivery window, and link to the courier's own official domain. They do not normally demand fees or ask you to verify personal details via a text link.
Should I call the number that texted me to check?
No. The phone number in the text may also be spoofed or controlled by the scammers. Use only the contact details on the courier's official website.