UPS scams: How to spot and report phishing emails and fraud

What is the UPS scam?

UPS scams are frauds in which malicious actors impersonate members of the UPS shipping company to lure money or sensitive information (such as login credentials) from unsuspecting people. Scammers may use phishing emails, phone calls, and text messages to reach out to victims, using the UPS brand image to create a false sense of legitimacy (also known as clone phishing). In these messages, fraudsters come up with different made-up scenarios (such as overdue delivery payments) to trick potential victims into meeting their demands, be it transferring money, releasing sensitive information, or downloading malware.

What are the dangers of UPS scams?

The dangers of UPS scams can vary from hijacked accounts and malware to identity theft and significant financial loss. In the best-case scenario, you might get your account hijacked and quickly recover it before scammers can do any harm. In the worst-case scenario, malicious actors may steal your login credentials and use them to hijack your other online accounts (that is if you use the same credentials for social media or other website logins).

Threat actors have been known to sell UPS login credentials on the black market, meaning that upon a successful UPS scam, your data may become exposed to a much wider circle than you think. That leaves you vulnerable to further cyberattacks because scammers can use the leaked data to launch phishing attacks (for example, via your leaked email) to try and steal even more data (such as your Social Security number). With that information, cybercriminals can potentially perform identity theft and steal money from your bank account, take loans in your name, or otherwise cause financial loss.

How to recognize a UPS fraud

Recognizing a UPS fraud is often easy if you know the most common telling signs. Here are the main red flags that most UPS frauds have:

• Design flaws. If you receive an email from UPS, look closely at the logos and other visual elements. If they’re oversized or otherwise suspicious-looking, someone is trying to phish you.
• Bad grammar. Spelling and grammatical errors are often synonymous with phishing scams. If you notice these mistakes in the UPS text message or email, close it and report the sender immediately.
• Sense of urgency. Causing fear and panic is a social engineering technique that scammers use, hoping to force victims into rushed decisions. That’s why most scam messages (including UPS scams) urge victims to act fast before anything "bad" happens. If you feel such pressure after receiving a UPS email or phone call, do not give in. It’s most likely scammers trying to force you into acting without thinking.
• Dubious requests. Sometimes UPS phishing emails may ask you to wire money or share sensitive data (such as your credit card information) in exchange for package delivery. If you receive such requests, it’s a 99% guarantee that someone’s trying to scam you.
• Lack of additional means of contact. Typically, services offer at least a few ways of reaching out (for example, email, mobile phone number, or web address). If your UPS email (or message) lacks contact information, be wary of a potential scam.
• Suspicious links. Strange URL handles and long strands of suspicious-looking hyperlinks are the main pieces of a phishing scam. Scammers may also use shortened URLs to appear more legitimate, so you should treat unknown links carefully and check the message for other signs of a phishing scam before clicking on anything.
• Fake tracking numbers. Scammers sometimes use fake UPS tracking numbers to appear more legitimate. Double-checking the parcel’s tracking number before engaging with the message can help you avoid getting scammed. However, remember to use the official tracking services!

IMPORTANT: Scammers often target people randomly, which means you may receive a UPS phishing email, even if you haven’t ordered anything. Treat these messages with extra caution. If you see any suspicious signs, contact UPS via their official channels to double-check (someone you know might be just trying to send you a surprise gift) and inform them about the potential scam.

Types of UPS frauds

Scammers have at least a few types of UPS frauds up their sleeves. While UPS phishing emails may be the most popular, they aren’t the only tactic malicious actors may use against you. Here are the usual types of UPS fraud:

Spam and phishing emails

Scammers love bombarding people with spam and phishing emails, pretending to represent reputable companies. UPS is no exception. UPS phishing scams revolve around UPS email or text notifications. Scammers typically masquerade themselves as members of the shipping company to send fraudulent emails, urging people to take action and click on suspicious links. In reality, these links can lead to a phishing or fake UPS website where scammers can spoof emails and other login credentials as soon as they type them into the required fields.

Fraudulent text messages or phone calls

Like UPS spam and phishing emails, fraudulent text messages and calls aim to lure people into providing sensitive information or transferring money. Scammers may use spoofed phone numbers to contact you and present an urgent delivery-related issue that calls for immediate action. Rattled targets may click on phishing links or provide sensitive information (such as bank account details) via phone without thinking twice, making this type of UPS fraud especially dangerous.

Fake websites

Scammers may sometimes use UPS brand design to create copies of the official UPS website. These fake UPS websites are often a trap for unsuspecting users because they include trackers and malware that can intercept browser cookies, hijack browsing sessions, and even spoof any text that’s been typed into the text fields (for example, email addresses and passwords).

Fraudulent checks

UPS fraud can also come in the shape of fraudulent checks and suspicious money orders. Scammers may send checks via mail pretending to be a specific UPS service, either in response to an online advertisement or as part of a fraudulent job offer. You may also receive a request via email to cash or deposit money and return a portion of it using Western Union or a similar service. Upon receiving such checks and money orders, users should treat them as fraud first, carefully evaluating the sender and double-checking with the UPS service.

Work-from-home scams

The most common fake UPS job (or work-from-home) scams include positions such as payroll (or other checks) processor, mystery shopper, and returns processing position. The victims may get messages urging them to participate in the selection process or stumble upon fake job listings online. Depending on the fake job position, the "recruiter" may ask the target to provide sensitive information, use money acquired through fraudulent money orders, or forge fraudulent checks and money orders. These UPS scams can be especially painful for the victims, exposing them to legal trouble, even if the targets were unaware of being scammed.

Reference number fraud

Scammers may contact their targets via phone or email to obtain the parcel’s reference number. It’s important to remember that UPS users should never give their reference numbers to unknown parties. Moreover, frequently changing reference numbers and devising unique variations (including a mix of letters and numbers) can help reduce the risk of getting scammed.

Common UPS scam scenarios

UPS scam scenarios often revolve around different kinds of issues, such as overdue payments or insufficient funds for package delivery. Here are the "storylines" behind the most common UPS scams:

Missing or overdue payments for package delivery

Scammers may contact their targets with messages claiming that their UPS package is on hold due to missing or overdue payments. These emails (or text messages) often include requests to send small fees to the sender as payment for delivery (or redelivery). However, the true danger lies in the attached links that lead to phishing websites designed to spoof your personal information.

Account or payment info requests

Another popular method malicious actors use to steal data is alleged account issues. Scammers may send their targets emails, text messages, or even phone calls with lies about the UPS account being suspended or requiring verification. Upon receiving such messages, victims are instructed to provide their login credentials and other sensitive data and verify their accounts through suspicious links. Needless to say, the links lead to fraudulent websites, where scammers can spoof entered credentials.

Fake delivery notifications

Finally, malicious actors can try to gain access to your data by sending fake delivery notifications with phishing links inside them. This scam is especially popular during the Black Friday and Christmas shopping period when people are extensively shopping or sending gifts to their loved ones and pay less attention to order confirmations and delivery messages. Fake delivery notifications may ask for your login credentials or personal information (name, surname, and physical address) to complete your delivery. If the target falls for the scam, malicious actors can then get access to the victim’s UPS account, sell login credentials on the dark web, or use the information to launch more phishing attacks.

How to report UPS phishing email

If you suspect a UPS phishing email has dropped in your inbox, screenshot it and send it to fraud@ups.com. Depending on where you live, you can also contact the UPS customer service center via phone (for example, by calling 1-888-742-5877 in the US) or UPS’s official global website.

Regardless of your chosen method, be sure to inform the UPS service center of potential scams to double-check and avoid getting scammed. For other types of scams, you can also report phishing emails to the Anti-Phishing Working Group (reportphishing@apwg.org) or contact the Federal Trade Commission (FTC) at spam@uce.gov (for US citizens only).

What to do if you fell for a UPS phishing scam

If you fall victim to a UPS phishing scam, quick action is paramount. Here’s what to do if you opened a phishing email or fell for another type of UPS scam:

• Change the compromised password. Before scammers do that for you, the first thing you should do is change the password of the compromised account. If you do that successfully, check other accounts that use the same password and change it there, too. Never reuse your password.
• Report the scam to UPS. Regardless of whether you managed to salvage your UPS account, report the scam to UPS. The service may offer additional assistance in account recovery and redirect you to the authorities, who can offer extra help.
• If necessary, report the scam to your bank and other relevant authorities. If you have reason to believe that scammers may have access to your bank account, notify your bank immediately. That way, the bank can anticipate and block any suspicious or unauthorized transactions (made by scammers using your stolen data), saving you financial trouble. In addition, you may want to reach out to authorities dealing with scams (such as the FTC in the US or Action Fraud in the UK) for further assistance.

How to protect yourself from UPS scams

Protecting yourself from UPS scams is simple, as long as you’re vigilant. While phishing emails and other fraud can’t be fully prevented, here are some tips on how to safeguard yourself from UPS and other online scams:

• Carefully evaluate urgent UPS emails and messages. Scammers rely on creating a fake sense of urgency to trick the targets into spontaneous reactions. If you get a UPS email that sparks that sense of urgency, keep your cool and evaluate the situation — look at the sender’s email domain, avoid clicking on links or providing information, and contact UPS directly to make sure you’re not being scammed.
• Keep a close eye on your invoices for suspicious activity. It can help you notice discrepancies and potential scams.
• Beware of dubious attachments. Sometimes, scam emails include document attachments. Since knowing which email attachments are generally safe to open can be tricky, you should always treat them with additional caution and check for signs of scam in the email before opening unknown files.
• Set up your UPS account’s security. Limiting third-party or freight-collector charges and updating your authorized user lists can help safeguard your UPS account from unauthorized users. Setting your account to block all inbound charges and updating the charging exceptions list may help protect you from fake money orders and fake charges.
• Enable two-factor authentication (2FA). Set up 2FA on all your online accounts. It will help you prevent scammer login attempts and notify you of suspicious activity the second it takes place.
• Use NordVPN: Online safety tools like NordVPN’s Threat Protection Pro™ can help you safeguard your data from malicious actors. Threat Protection Pro™ feature blocks malicious websites, detects phishing attempts, and checks files for malware as they are being downloaded.

Protecting your online safety requires vigilance. Remember, UPS will never ask for sensitive data, payments, or credentials via email or phone. If you suspect suspicious activity, always contact UPS via their official channels.