USPS Phishing Scams: You’ve Got a Package … ‘On Hold’

Example of USPS phishing scam email message

With the enormous spike in online shopping since early 2020, USPS phishing scams are also on the rise. Cyber criminals are impersonating the USPS and other shipping companies with email messages related to package deliveries. Consumers and business purchasing agents who are waiting for multiple packages may have difficulty recognizing scam emails. 

Recent USPS Phishing Scams: Your Delivery is “On Hold”

The most recent phishing (email) and SMiShing (mobile text) scams in 2021 are luring customers into providing sensitive information in exchange for the release of a package that is “on hold.” Cyber criminals send what appears to be an official-looking email complete with United States Postal Service (USPS) logos. The content of the email/text declares that the customer has a package that cannot be delivered due to an insufficient address. They request a small amount of money to “re-deliver” the package. Then they ask for credit card information, which once entered, initiates a screen pop up asking for the customer’s date of birth and social security number to “verify and protect” their identity.

MailGuard explains in more detail how this USPS phishing scam works.

Your Package is Being Held In Customs

The USPS is not the only organization showing an increase in this type of phishing exploit this year. The Better Business Bureau (BBB) recently warned consumers about a new phishing, SMiShing and vishing scam in which cyber criminals are impersonating U.S. Customs and Border Protection agents and claiming they intercepted a package addressed to the consumer. 

There are two versions of this latest scam that have been reported to the BBB. In one version, the consumer receives a call, email or text message saying U.S. Customs and Border Protection intercepted a suspicious package addressed to the consumer. The consumer is then urged to respond rapidly or a warrant will be issued for their arrest. 

In the other version of the scam, someone claiming to be an agent associated with U.S. Customs and Border Protection reaches out to the consumer via telephone claiming they have intercepted a package that has a massive prize. The consumer must then pay a fee for special shipping labels in order to receive the package.

How to Avoid USPS Phishing Scams

Consumers are warned to be aware of such emails and/or texts. Don’t fall victim to these shipping scams! Be cyber safe and cyber smart. Here are some tips on how to avoid becoming another cyber crime victim:

  • Be aware. Often if you look closely at emails and text messages you will find that the sender’s email or text doesn’t match the sender at all. In some cases (especially in the USPS phishing scams) the email address is based in another country like the United Kingdom. Obviously, the United States Postal Service will not use an email address based in another country.
  • Beware of unsolicited communication. Calls, text messages and/or emails received by any government agency should automatically put consumers on edge. Government agencies typically only reach out by mail, so it is a huge red flag if someone calls, emails or texts you claiming to work for USPS, U.S. Customs and Border Protection or any other government agency.
  • Never provide sensitive personal or financial information. Never provide sensitive information to a non-solicited caller. In the case of the U.S. Customs and Border Protection scams, cyber criminals claiming to be agents provided a name and badge number to gain the trust of the consumer. Do not fall for it! This is simply an attempt to gain your trust and should be ignored.
  • Update, update, update. Make sure you keep all of your hardware and software up to date with the latest security updates and patches as a standard safety precaution.
  • Report malicious activity. If you receive any correspondence concerning the scams listed in this article, take these actions:
    • Report correspondence claiming to be from the U.S. Customs and Border Protection to the Federal Trade Commission (FTC) at
    • For USPS phishing scams, all suspicious correspondence and notifications claiming to be from the USPS should be deleted.
    • Suspicious notifications claiming to be from the BBB should be reported at

Contact Global Learning Systems today to learn more about our Personal Security training to learn best practices on how to keep your information safe at home, work and on the go.

GLS Logo

Enjoying our cybersecurity blogs?

Try out our weekly security awareness tips, sent directly
to your inbox.
GLS Logo

Your download is complete!

Need more training?