Your inbox shows a new email. It claims to be from FedEx. “Your package could not be delivered due to an incomplete address.”
Another email from UPS. “Tracking information attached. Please open the file to view your delivery status.” Another from USPS. “Your package is being held at the local depot. Click here to schedule redelivery.”
You are expecting a package. You ordered something online last week. Your finger hovers over the link. But something feels off. The sender address looks strange. The email has spelling errors. You are not sure if you should click.
Learning how to tell if a package delivery email is fake could save you from malware, a stolen credit card, or compromised personal information. According to the FTC's guidance on phishing scams , delivery-themed phishing is one of the most effective social engineering techniques because it targets people who are actively expecting packages. Scammers send millions of these messages every day, hoping you will click the link or open the attachment. This guide walks you through the most common fake delivery email signs and gives you simple verification methods to protect yourself, starting with the AuthentiLens Phishing Email Checker .
Package delivery email scams follow predictable patterns. These are the same social engineering mechanics behind every phishing email out there, adapted to exploit the one thing nearly everyone is doing: waiting for a delivery.
The U.S. Postal Inspection Service warns that package delivery scams spike sharply during the holiday shopping season and after major retail events like Black Friday and Prime Day, when everyone is expecting multiple packages at once.
If you notice several of these warning signs, do not click anything. Verify first.
A real FedEx email comes from @fedex.com. A real UPS email comes from @ups.com. A real USPS email comes from @usps.gov. A fake might come from @fedex-delivery.net, @ups-shipping.com, or a free email account. Always check the actual sender address, not just the display name. This is the most reliable fake delivery email sign .
“Your package will be returned to sender in 24 hours. Immediate action required. Your delivery is pending.” Scammers use urgency to stop you from thinking. Real carriers do not create panic via email.
“Click here to update your address. Please verify your identity to release your package.” Do not click. Go directly to the carrier's official website instead. Before clicking any link, learn how to check if a link is suspicious .
Hover over the link on a computer or press and hold on your phone. Look at the actual destination URL. Scammers use links like fedex-tracking.net or ups-delivery-update.com. If the link does not go to the carrier's real domain, it is a scam.
“Please open the attached invoice. Review the attached delivery confirmation.” Do not open attachments from suspicious emails. They may contain malware. Learn how to tell if an email attachment is suspicious before opening anything.
“A redelivery fee of $3.99 is required. Customs fees must be paid to release your package.” Real carriers do not ask for payment via email links. This is a classic package email scam tactic.
Real carrier emails are professionally written. Scam emails often have typos, odd capitalization, or strange word choices. “Your package cannot delivered cause address wrong.”
“Dear customer. Dear user. Hello.” Real carrier emails often include your name or reference your tracking number. A generic greeting is a classic phishing email sign .
If you have not ordered anything recently, any delivery email is automatically suspicious. Delete it immediately.
Real tracking emails include a real tracking number that matches the carrier's format. Fake emails often have no tracking number or use a random string that goes nowhere when entered on the official carrier website.
“We attempted to deliver your package but no one was home.” Check your door. Did you receive a physical notice? Real carriers leave a door tag or doorstep card. Do not trust only the email.
The FedEx, UPS, or USPS logo may be pixelated, the wrong shade, or slightly different from the real logo. Scammers often use low-resolution screenshots of carrier logos.
“Please reply with your full address. Text back your phone number.” Legitimate carriers never ask for personal information via email reply.
“Your package is being held at the local depot due to unpaid fees.” Check status directly on the carrier's official website. Do not use any link from the email to verify this claim.
Trust this feeling. You have received real tracking emails before. You know what they look like. If something feels off, do not click anything. Pause and verify.
Here are three examples of how these scams appear in practice.
Example 1: The Fake FedEx Tracking Link. The email appears to come from “FedEx” but the sender address is tracking@fedex-delivery.net. The subject line says “Your package cannot be delivered.” The body says “We attempted to deliver your package but no one was available. Click here to schedule redelivery.” The link leads to a fake login page. This is a textbook fake FedEx email sign.
Example 2: The Fake UPS Attachment Scam. The email appears to come from “UPS” but the sender address is noreply@ups-shipping.org. The subject line says “UPS Delivery Confirmation.” The body says “Your package has been delivered. Please find the delivery confirmation attached.” The attachment is a zip file containing malware.
Example 3: The Fake USPS Redelivery Fee Scam. The email appears to come from “USPS” but the sender address is service@usps-verify.net. The subject line says “Redelivery fee required.” The body says “Your package is being held at the local post office. A redelivery fee of $4.99 is required. Click here to pay.” The link leads to a fake credit card page. The U.S. Postal Inspection Service has documented this specific scam pattern and never charges redelivery fees via email links.
If you are unsure about an email, use these five methods before clicking anything.
The best protection is a simple routine. The FBI Internet Crime Complaint Center consistently lists phishing as one of the top cybercrime categories by financial loss. Most victims clicked a link they could have verified first.
AuthentiLens gives you a simple way to check suspicious package delivery emails before you click anything. Paste the email content or any link into the Phishing Email Checker . The tool analyzes the language for scam patterns, urgency tactics, and phishing scripts common to fake carrier emails.
Paste any link from the email into the Suspicious Website Checker . AuthentiLens scans the destination without you clicking it and tells you whether it shows phishing or malware indicators.
You can also take a screenshot of the email and upload it for image analysis. AuthentiLens examines the visual elements for signs of logo forgery and layout manipulation. You get 5 free scans with no account needed. Check the FAQ for more on how scanning works. AuthentiLens Pro is $9.99 per month for unlimited scanning.
If you already clicked a link in a fake delivery email or opened an attachment, act immediately.
The best protection going forward is one simple habit: never click a shipping link from an email you were not expecting. When you are expecting a package, use the tracking link from your order confirmation. That link is safe because it came from the store, not a stranger.
If you receive a delivery notification from an unfamiliar sender, do not click anything. Open your browser and go directly to the carrier website. And when you are unsure about any link, check whether the link is suspicious before you click it. A few seconds of verification can save you from malware or identity theft.
For related threats that use similar tactics, see how to tell if a USPS text is a scam and how to know if a website is fake .
Check the sender address. Look for urgency, requests to click links or open attachments, spelling errors, generic greetings, and links that do not go to the carrier's real domain. Do not click anything. Go directly to the carrier's official website.
Fake sender addresses, urgency language, links that do not go to carrier domains, attachments, requests for payment, spelling errors, generic greetings, and missing tracking numbers.
The sender address is not @fedex.com or @ups.com. The email asks you to click a link or open an attachment. The link does not go to the carrier's real website. The email creates urgency or asks for payment.
Go directly to the carrier's official website by typing the URL yourself. Use the tracking number from your original order confirmation. Scan the email with the AuthentiLens Phishing Email Checker.
AuthentiLens scans email content for scam patterns. It scans links without you clicking them. It scans uploaded screenshots for forgery. It tells you if the content is dangerous, suspicious, or safe.
Contact your bank if you entered financial information. Change any passwords you entered. Run a security scan on your device. Report the scam to the real carrier, the FTC, and the FBI IC3. Delete the email.
Never click links in unexpected delivery emails. Go directly to carrier websites. Use tracking links from your order confirmation only. Check sender addresses. Use AuthentiLens to scan suspicious emails before you trust them.
Never click a link or open an attachment in an unexpected delivery email. Always go directly to the carrier's official website using your browser. This one habit will protect you from almost all package delivery email scams.
Package delivery email scams are designed to trick you. They create urgency. They want you to click before you think. Do not let them win.
Before you click any link or open any attachment in a delivery email, pause. Check the sender. Do not click. Go directly to the carrier's website. And when you are unsure, scan it.
Try 5 free scans now at AuthentiLens and check suspicious emails, links, and attachments before you trust them.