Holiday “Package” Texts and Emails: Read This Before You Click

Two weeks before Christmas, Joan texted us a screenshot:
“UPS: Delivery failed. Reschedule here: ups-track-secure.com/….”
Blue link, brown logo, the works. “I am expecting two gifts,” she said. “Is this real?”

We asked her to do the same move we teach everyone in December: don’t follow the link that found you; go to the place you already trust. She opened the real UPS app. No issues there. The text went in the trash, and her accounts stayed safe.

Here are the exact scams we keep seeing (you’ve probably seen at least one):

1) The “$1.50 redelivery fee” text
Looks like UPS, FedEx, or USPS. It says your package will be returned unless you pay a tiny fee. The link leads to a page that asks for your card number. Real carriers do not text you random payment links. If a fee is ever due, you’ll see it after you sign in to your actual carrier account or on a door tag—not from a mystery text.

2) The “Amazon order problem” email
Subject line: “Action required: verify your address” or “Your account will be locked.” The button says View Order, but it goes to a look-alike site with a login box. The giveaway is the sender and web address: notice@amz-support.co or amazon-verify.info. Real Amazon emails come from simple addresses, and your Orders page inside the official app is the source of truth. If there’s nothing there, there’s no problem.

3) The fake tracking page
A friend taps a link and lands on a page that looks exactly like UPS or USPS—logo, color, everything. It asks for your email and password “to see details.” That’s not how tracking works. Real tracking pages show the status when you enter just the tracking number—no login required.

4) The voicemail that says “press 1”
“Courier attempted delivery; press 1 to reschedule.” Pressing 1 starts a scripted pitch or forwards you to someone who wants information or payment. If you ever get a call like this, hang up and call the official number printed on a real door tag or the carrier’s website.

5) The door-tag QR code
We’ve seen stickers placed on mailboxes or lobby doors that say “scan to pick up your package.” Scanning drops you on a phishing page. Real carriers leave a branded slip with a tracking number, not a random QR sticker.

Okay—so what should you do when one of these shows up?

• If it’s about a package, open your real Amazon/UPS/FedEx/USPS app or type the website the way you normally do. Check Orders or paste the tracking number there. If something needs attention, you’ll see it.

• If a link looks tempting, read it slowly. Hyphens and odd spellings (ups-track-secure.com, amaz0n-support.com) are big tells.

• If your heart rate jumps, say it out loud to someone you trust. “They want me to pay $1.50 from a text.” Hearing it usually makes the answer obvious.

And if you already clicked—no judgment, it happens all the time:

1. Change your password for the account they pretended to be (and for your email, if you typed that).

2. Turn on two-factor sign-in (text or app code).

3. If you entered a card, call the bank and ask for a new number.

4. Run a quick security scan on the device, then keep an eye out for unusual sign-ins.
   We walk people through this cleanup step by step—it’s fixable.

The short, neighborly rule for the holidays: apps first, links last. Open the place you already trust and check there. Package on the way? You’ll see it. Nothing there? Delete the message and enjoy the cocoa.

If something suspicious lands in your inbox or on your phone and you want a second opinion, send it our way—we’ll take a quick look with you so you only click what’s real.