As millions of Americans track holiday packages, cybercriminals are racing to exploit the season, driving a sharp spike in fake postal service websites and text-message delivery scams that experts say can lead to major financial losses.
New data from cybersecurity firm NordVPN shows malicious postal service websites jumped 86% in the past month alone, as scammers increasingly impersonate well-known delivery brands to trick consumers into clicking harmful links.
DHL was the most frequently impersonated carrier, with fraudulent websites mimicking the company surging 206% month over month. DPD Group ranked second, with a 16% increase, while the U.S. Postal Service emerged as the fastest-growing target. Fake USPS-related sites skyrocketed by 850% in a single month, according to the analysis.
“Scammers are evolving at an unprecedented pace, using AI not just to automate attacks but to make them deeply convincing,” said Marijus Briedis, chief technology officer at NordVPN. With holiday shopping in full swing, he warned, delivery notifications have become one of the most effective lures for phishing attacks.
Many of those scams now arrive as text messages — a tactic known as “smishing” — that bypasses email spam filters and lands directly on consumers’ phones. A NordVPN survey found that 38% of respondents have encountered delivery-related scams, often warning of a delayed package or urging immediate action to secure a shipment.
Federal Trade Commission data shows the financial toll is growing rapidly. Americans lost $470 million to text-message scams in 2024, five times the amount reported in 2020. Fake package delivery schemes have become among the most profitable, especially during peak shipping periods.
Scammers rely on speed and urgency. Text messages boast open rates as high as 98%, increasing the odds recipients will react before questioning authenticity. Recent scam messages claim packages are “on hold” due to unpaid tariffs or customs fees, pressuring shoppers to click links out of fear they’ll miss holiday deliveries.
Cybersecurity experts urge consumers to slow down and verify every delivery notice. Tracking numbers should be entered directly into a carrier’s official website or app, rather than clicked from a message. Messages demanding immediate payment or threatening package loss are a major red flag, experts say, as the legitimate carriers rarely request fees through random links.
Checking sender details closely is also critical. Scammers often “spoof” phone numbers and web addresses, sometimes changing a single character to appear legitimate. Any request for personal or payment information to “release” a package should be reported to the carrier or the FTC, not answered.
“Becoming a victim of an impersonated fraudulent website isn’t just about losing money or missing out on Christmas gifts,” said Tomas Sinicki, managing director at NordProtect. “Once personal or financial data is compromised, it can open the door to further fraud, extortion, and severe financial damage.”
The findings are based on aggregated data collected by NordVPN’s Threat Protection Pro service between August 1 and October 31, 2025. The company emphasized it has no affiliation with the brands being impersonated, which were cited solely to reflect scam trends during the holiday season.
For the latest news on everything happening in Chester County and the surrounding area, be sure to follow MyChesCo on Google News and MSN.