86% Surge in Fake Delivery Websites Hits Shoppers During Holiday Rush

An 86% increase in malicious postal service websites over the past month has heightened the risk for consumers tracking holiday deliveries.

Cybercriminals are reportedly capitalizing on the seasonal spike in online shopping by sending convincing messages that appear to come from legitimate delivery companies, often warning of delayed or suspended packages.

The fake alerts typically arrive via text message or email and include links designed to steal personal or financial information. With shoppers expecting frequent updates, these scams are more likely to succeed during peak shipping periods.

Data published today by NordVPN showed that delivery services are being impersonated at rapidly growing rates, though the scale varies by brand. DHL was the most impersonated carrier overall, with fraudulent websites using its name increasing by 206% month-over-month (MoM).

DPD Group ranked second among targeted delivery brands, although the number of fake sites linked to it grew by a more modest 16%. The United States Postal Service (USPS) placed third but experienced the sharpest acceleration, with malicious websites imitating it rising by 850% in a single month.

“Scammers are evolving at an unprecedented pace, using AI not just to automate attacks but to make them deeply convincing,” said Marijus Briedis, chief technology officer at NordVPN.

“With the holiday shopping season in full swing, consumers must remain vigilant against increasingly sophisticated phishing schemes targeting delivery services.”

Rising Losses and Protection Strategies

Text-based delivery scams, known as smishing, are a major driver behind the trend. A NordVPN survey found that 38% of respondents had encountered delivery scams, many of which arrived directly on their phones. Text messages often bypass spam filters and are opened quickly, increasing the chance of impulsive clicks.

NordVPN also said that financial losses linked to these scams continue to climb.

Federal Trade Commission (FTC) data shows consumers lost $470m to text message fraud in 2024, five times more than in 2020.

Fake delivery notifications have become one of the most common and profitable scam formats during the holiday season.

Recent messages frequently claim packages are being held due to unpaid tariffs or customs fees. This tactic relies on urgency and fear of missing deliveries to push recipients into clicking harmful links.

NordVPN recommended several precautions to reduce exposure:

  • Avoid clicking tracking links in unsolicited texts or emails

  • Enter tracking numbers directly on official carrier websites or apps

  • Be cautious of messages demanding immediate action or payment

  • Inspect sender details closely for altered domains or subtle misspellings

  • Report suspicious messages to the carrier or the FTC instead of responding

“Becoming a victim of an impersonated fraudulent website isn't just about losing money,” said Tomas Sinicki, managing director at NordProtect.

“It also exposes you to further risks of fraud and extortion.”
