• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Jobs
  • Career
    • Cyber Security Training
    • Work from Home
    • Cyber Security Analyst
    • Remote Work – Six Ways to Keep Your Data Safe When Working Remotely
  • Field Guide
  • Newsletter Signup
  • Deals
  • News
AskCyberSecurity.com

AskCyberSecurity.com

Cyber Security News & Information

  • Home
  • Data Privacy
    • Gamers
    • Government Cyber Security
      • Legislation
      • Standards
        • What are the risks of computer security?
        • Medical Cyber Security
    • Social Media
  • Security
    • Data Breaches
    • Scams
    • Malware
  • Software
    • Apps
    • Web Browsers
  • Glossary
    • Cyber Security Acronyms
  • About Ask Cyber Security
    • Authors
    • Contact Us
  • VPN
    • How Do I Know If My VPN is Working?
    • Best Free VPN iPhone
    • Why Use a VPN?
    • NordVPN vs IPVanish
    • Private Internet Access Download
    • Best VPN for Streaming
      • TikTok VPN
    • VPN Porn
    • Computer Security Software – What You Really Need
  • Tutorials
  • ChatGPT
    • Does ChatGPT Save Data?
AskCyber Home » News » News » USPS Delivery Notification Scam Steals Credit Cards

USPS Delivery Notification Scam Steals Credit Cards

2020-12-23 by Michelle Dvorak

USPS Delivery Notification Scam

Phishing Scam Impersonates USPS Uses Fake Web Page to Steal Payment Cards

Note: We may earn a commission from products or services when you click on a link and make a purchase.

Fraudsters are using fake United States Postal Service (USPS) delivery notifications to steal payment card numbers. The scam notifications are phishing emails sent to victims who may be tricked into entering payment card numbers to ensure their package’s delivery.

USPS Scam Notification – Image: Abnormal Security

The scam impersonates US Postal Service delivery notifications. Fraudsters use malicious phishing emails to lure people into clicking on a link that takes them to a credit card stealing web page. The notification includes a fake tracking number and branding to increase its credibility.

  • READ New Stimulus Payment Scam Impersonates NYS DOL

“With holiday delivery deadlines quickly approaching and online orders continuing to pour in, courier services are facing increasing pressure from anxious consumers,” says the report from AbnormalSecurity.

XEMoney Transfer

Victims are urged to click on a link in a malicious email. They are told that the tracking link expires in only three days. They are also instructed to pay an additional delivery fee or else their package won’t be delivered.

Spoofed email address

The email appears to originate from USPS, but in reality, it was sent from support .@ xmtservices.com.

USPS Delivery Notification Scam Message

Messaging in the email informs the reader that there is more postage owed. If the victim does not click on the tracking link and pay the additional fee, then the delivery cannot be completed.  The text of the email contains a link to a web page where the reader can supposedly pay the additional money owed.

USPS Scam Web Page – Image: Abnormal Security

The email includes the USPS logo and a tracking number to help trick the reader into believing the email is legitimate.

Spoofed USPS Web Page

If the reader follows the instructions in the email and clicks on the link to pay the fees, they are redirected to a spoofed USPS web page. Messaging and branding on the web page impersonate the United States Postal Service. The malicious web page has boxes for their reader to enter in their first name, last name, credit card number, expiration date, and security code. Like the email, the malicious webpage impersonates USPS.com and uses the Postal Service logo to help fool the reader into thinking it’s legitimate.

  • READ About All Recent Scam Alerts

How to Avoid a USPS Delivery Notification Scam

November 2020 saw a 440% increase globally in shipping phishing emails compared to the previous month says Check Point Software Technologies. Amazon, USPS, UPS, and FedEx are all targets of increasing impersonation attacks.

Motley Fool Stock Advisor

If the reader enters in their credit card information on the spoofed USPS web page, the information is sent to the fraudsters who can then use it to rack up credit card charges using the stolen credit card numbers.

  1. Be on the lookout for emails that urge you to take action. Scammers often use a sense of urgency to get victims to act quickly without scrutinizing the contents of an email. In this case, victims were told they only had three days to pay the fees or their package would not be delivered
  2. The friendly name of an email sender is different than the actual email address. Always look carefully at the sender’s email address and make sure it matches who they say they are
  3. Really, you should never click on the link in an email or download an attachment. Always go to the company’s official website and contact customer service.

Filed Under: News

About Michelle Dvorak

Michelle writes about cyber security, data privacy focusing on social media privacy as well as how to protect your IoT devices. She has worked in internet technology for over 20 years and owns METRONY, LLC. Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute. Michelle published a guide to Cyber Security for Business Travelers


LinkedInTwitterFacebook

Primary Sidebar

Subscribe to Our Free Newsletter

We Don't Share or Sell Your Info

Web Browsers

Where Are My Saved Passwords in Chrome?

Google Removes 70 Malicious Browser Add-ons from Chrome Web Store

Firefox 75 Reports Your Browser Settings to Mozilla

Categories

Cyber Security Field Guide

Computer Security While TravelingGet Our Cyber Security Field Guide - Available on Amazon!

Recent Posts

Security Marketing Manager – Remote

Sr. Associate, Cybersecurity Architect – Pfizer

Strategic Customer Success Manager – Cybersecurity – Opportunity for Working Remotely

Top 20 Passwords Leaked on Dark Web

ISU Cybersecurity Leader Job Opening

Cyber Security News

Top 20 Passwords Leaked on Dark Web

… [Read More...] about Top 20 Passwords Leaked on Dark Web

Apple Warns of Actively Exploited Zero-Day Flaw

… [Read More...] about Apple Warns of Actively Exploited Zero-Day Flaw

IRS Stops Facial Recognition System for Online Access

… [Read More...] about IRS Stops Facial Recognition System for Online Access

National Cybersecurity Alliance Announces Data Privacy Week

… [Read More...] about National Cybersecurity Alliance Announces Data Privacy Week

More Cyber Security News

Tags

amazon Android Apple bitcoin China chrome CISA credit card DarkSide DHS DOJ Equifax Europe Facebook facial recognition FBI Firefox FTC games GDPR Google Government hacker identity theft India iPhone Iran IRS LinkedIn Microsoft North Korea PayPal phishing phishing email ransomware REvil Russia smartphone T-Mobile TikTok tutorial VPN WhatsApp WiFi Windows

Government

CBP Looks to Access Airline Passenger Data

FTC Releases Cyber Threat Video Playlist

Malware Found on US Government Funded Phones

UK NCA Reaches Out to Youth to Deter Cybercrimes

More Posts from this Category

Footer

Menu

  • Home
  • About
  • Authors
  • Newsletter Signup
  • PRIVACY POLICY

Search

Why Use a VPN?

NordVPN vs IPVanish VPN Review

NAVIGATION

  • Data Breaches
  • Data Privacy
  • Gamers
  • Scams
  • Malware

MEMBER NJCCIC

New Jersey Cybersecurity & Communications Integration Cell

STAY CONNECTED

  • Facebook
  • Instagram
  • Pinterest
  • YouTube
  • Twitter
  • RSS

Copyright © 2023 · AskCyberSecurity.com · METRONY, LLC

Go to mobile version