USPS / FedEx / UPS Delivery Failure Scam

How This Attack Works

Scammers impersonate USPS, FedEx, or UPS claiming a package could not be delivered due to an incomplete address or unpaid customs fee. The linked page requests a small re-delivery payment of $1–$3, but captures full payment card details. The real theft occurs when the card is used for much larger unauthorized transactions days later.

Red Flags to Watch For

• ✗
  Sender domain is not @usps.com, @fedex.com, or @ups.com
• ✗
  You are not currently awaiting a package from that carrier
• ✗
  Request to click a link rather than visiting the official carrier site directly
• ✗
  Re-delivery fee is suspiciously low ($1–$3) to reduce victim hesitation
• ✗
  Payment page requests full card number, expiry date, CVV, and billing address
• ✗
  Tracking number provided does not resolve on the official carrier website

Known Malicious Domains

These domains have been associated with this attack. Never click links going to these addresses.

• usps-delivery-reattempt.comMALICIOUS
• fedex-package-reschedule.netMALICIOUS
• ups-delivery-exception.comMALICIOUS
• postal-service-alert.netMALICIOUS

Glance automatically blocks emails from domains on this list. Domain list is not exhaustive — attackers register new domains continuously.