How to Avoid Package Tracking Scams

It's as if the Nigerian princes suddenly created a transportation firm

'Handle with care' on brown cardboard
Olivier Blondeau / Getty Images

You have to hand it to scammers — they're creative. In recent years, a rash of package-tracking scams has joined a long list of scams monitored by the Federal Trade Commission.

A typical package-tracking scam relies on email messages to convince you that you've got a package or could obtain a package fraudulently if you play along. The real goal is to either get information about you or to induce you to click a link that might infect your computer with malware.

Anatomy of a Tracking Scam

Most of these scams work by email. You'll get a notice in your inbox advising you of some sort of shipping problem or of a step you need to take to clear a package you didn't know was coming. Some of these messages are easy to spot: They're written in the same awful language littered with misspellings, poor grammar, and odd capitalization.

The Language of the Secret Nigerian Prince

A 2012 study conducted by Microsoft suggests that the poor language of most scam messages isn't an accident. Because scammers target large swaths of people, these mistakes help the bad guys hone in on ideal targets because the target is obviously gullible enough to respond in the first place. In essence, the victims self-select participation in the fraud — much to the delight of the perpetrators, who more likely than not speak the Queen's English.

Other scams are more difficult to spot at first glance because the English is intended to mimic the real thing. These messages might even look like they're from UPS, FedEx, DHL or the U.S. Postal Service. Closer inspection reveals unusual problems:

  • URLs that look odd
  • Requests for information from you about the package or your identity
  • Requests that you confirm information by clicking a link
  • Emails that omit essential information (e.g., messages starting with "Dear customer")

Protecting Yourself from Tracking Scams

The first rule to not be scammed is to never give information about yourself to anyone who either doesn't need it or should already have it. FedEx, for example, doesn't need you to confirm your mother's maiden name.

The second rule is to never click links in an email, no matter how legitimate it looks, from a shipping company if you didn't expect to see the message. For example, some people sign up for delivery-tracking messages from UPS or USPS; those are legitimate only if they're about a package you expected to receive.

Messages about shipments you didn't expect are intended to evoke greed to the point you're willing to suspend discretion in the hope of an illicit windfall. Emails inviting you to click to track your shipment of an iPhone you never ordered are a case study. No one's sending you an iPhone. Delete the message. Move on.

But What About Secret Gifts?

The fear of missing out is a powerful motivator. The idea that a friend or family member — or even a secret admirer! — sends you something unexpected surely has some allure.

Here's the thing: If there's a problem with the information about the delivery of an unexpected gift, the problem will be resolved by the sender, not by the carrier. So if a friend sends you a box of chocolates from an online retailer, it's the retailer that will clarify the necessary information to secure delivery of the package. Retailers won't send incompletely addressed packages or packages that require confirmation or special tracking, and just leave it to the carrier to figure out. (The carrier, quite rightly, will refuse to either accept or to deliver the package.)

Bottom line: Unless you're expecting the package and the message, don't click that link.