Smishing — Fake Package / Bank Text Message

How This Attack Works

Smishing (SMS phishing) sends fraudulent text messages impersonating USPS, FedEx, UPS, or major banks. Package lures claim a small customs or re-delivery fee is required. Bank lures claim a suspicious transaction was detected. Both lead to mobile-optimized credential or payment card harvest pages designed to look native on a smartphone screen.

Red Flags to Watch For

• ✗
  Text arrives from a 10-digit number, not a registered short code used by the real carrier or bank
• ✗
  Link is a shortened URL or uses a misspelled domain rather than the official site
• ✗
  You are not currently expecting a package from that carrier
• ✗
  Fee amount is suspiciously small ($1–$3) to reduce suspicion while capturing card details
• ✗
  Page asks for full card number and CVV for a minor delivery charge
• ✗
  Urgent language: "your package will be returned in 24 hours"

Known Malicious Domains

These domains have been associated with this attack. Never click links going to these addresses.

• usps-sms-delivery.comMALICIOUS
• fedex-txt-alert.netMALICIOUS
• bank-sms-confirm.comMALICIOUS
• pkg-hold-fee-pay.netMALICIOUS

Glance automatically blocks emails from domains on this list. Domain list is not exhaustive — attackers register new domains continuously.