Threat Intelligence Directory
Phishing
Fake Package Delivery Fee Demand
Attack Trigger
Anticipation of a real package makes the fee request seem plausible
What Attackers Want
Full payment card details (used for larger fraud later)
How This Attack Works
Scammers impersonate USPS, FedEx, or UPS claiming your package is held due to unpaid customs or delivery fees. The linked payment page collects full card details and sometimes personal ID documents.
Red Flags to Watch For
- ✗Sender is not from the official carrier domain (@usps.com, @fedex.com, @ups.com)
- ✗Link does not go to the carrier's official website
- ✗Delivery fee is unusually small ($1–$3) to lower your guard
- ✗Page requests your full card number and billing address for a minor charge
Known Malicious Domains
These domains have been associated with this attack. Never click links going to these addresses.
- usps-delivery-fee.comMALICIOUS
- fedex-package-alert.netMALICIOUS
- ups-delivery-confirm.comMALICIOUS
Glance automatically blocks emails from domains on this list. Domain list is not exhaustive — attackers register new domains continuously.
How Glance Stops This
- Domain similarity analysis catches lookalike sender addresses at millisecond speed
- SPF / DKIM / DMARC validation flags authentication failures before you ever see the email
- VirusTotal + Google Safe Browsing checks every link in real time
- Urgency language detection scores the email higher for manual review
- Known malicious domain blocklist updated continuously from live scan data
Don't wait to get hit.
Glance scans every incoming email against 12 detection layers — including the exact tactics described above — before it reaches your inbox.
Protect My Inbox — Free