If you’ve recently gotten a text like “USPS: delivery issue — click to fix” or “pay a small fee to release your package”, you’re not alone. And even if you haven’t, keep reading — because with the ongoing surge in fake USPS messages, no one is completely safe.
This type of scam is dangerous because it usually hits at the perfect moment: you’re waiting on a gift, a prescription, a replacement credit card, something expensive, or something time-sensitive.
These fake messages are designed to make you panic-click before you think — because one rushed tap can turn into a stolen card number, a drained account, or a mess of fraud calls you shouldn’t have to deal with.
In this short case study, you’ll learn exactly what’s happening — what scammers say, how it works, why it’s spreading right now — and the simplest steps to lock these scams down fast.
Table of Contents
So, What Really Happened?
On November 12, 2025, Google filed a lawsuit to disrupt a major scam network called Lighthouse. Google says this network is behind a huge wave of text-message scams.
But Lighthouse isn’t “one scammer.” Google describes it as a Phishing-as-a-Service setup. It’s basically a subscription scam kit that helps criminals run fake-text campaigns at scale. The complaint says people can pay for access (weekly, monthly, even “permanent” licenses), pick a ready-made scam template, generate a fake website, and start sending out texts that impersonate trusted names like USPS, toll services, banks, and even Google.
And the scale is wild. Google alleges that in a 20-day period, scammers used Lighthouse to spin up about 200,000 fraudulent websites — averaging around 50,000 visits per day.
Was USPS “Hacked”?
No — USPS was not hacked. Their computers weren’t “broken into,” and your package info isn’t leaking because USPS failed.
What’s happening is simpler (and sneakier): criminals are borrowing USPS’s name to borrow your trust.
They do it because:
- USPS feels automatic. Most people get real shipping texts and tracking updates all year.
- Packages create urgency. If you’re expecting something, your brain goes straight to “Fix it now.”
- It’s a perfect cover story. A “delivery issue” sounds normal. A “small fee” sounds believable. An “address update” sounds routine.
- They don’t need your package to be real. They just need you to believe it might be real.
So the scam isn’t “USPS got hacked.” The scam is: they impersonate USPS to make you hand over your info.
Why Is This Happening?
This is happening because scams are no longer handcrafted. They’re mass-produced. Instead of building everything from scratch, criminals get a ready-made toolkit that helps them run the scam like a business. Think of it like Etsy — but for scams.
This toolkit helps them:
- Send mass text messages fast (so even if only a small percent click, they still get victims).
- Create realistic fake websites in minutes that look like a real USPS page (logos, forms, “tracking” etc).
- Collect whatever people type — name, address, phone number, email, and especially credit card details.
- Rotate and replace websites quickly when one fake site gets blocked (they just launch a new one and keep going).
In this case, scammers don’t need to be tech geniuses. They don’t need to “hack” USPS. They just need a system that helps them send the text, get the click, and steal the details.
And that’s why these scams keep coming back: when scammers can launch thousands of fake pages quickly, blocking one doesn’t stop the machine.
How the USPS Scam Works (Step by Step)
- The bait text hits your phone
It usually says your package is stuck, delayed, missing address info, or needs a small redelivery fee. It may include a fake tracking number, weird spacing (U S P S), or a shortened link. Sometimes it comes from a random phone number. Sometimes it looks like an email address. Either way, it’s built to feel “official.”
- They create urgency so you don’t think
The message pushes you to act fast:
- “Final notice”
- “Delivery will be returned”
- “Confirm within 12 hours”
- “Your package cannot be delivered”
That urgency is the trick. If you’re stressed, you’re more likely to tap.
- The link takes you to a look-alike USPS page
The page often uses USPS colors, logos, and wording to feel real. It may say something like “Address verification” or “Redelivery fee.” It’s not there to help you — it’s there to collect your details. - They ask for “normal” info first (to lower your guard)
Many fake pages start with basic info that feels harmless: name, phone number, address. Sometimes they even ask for a “captcha” step to make it feel legit. This is done on purpose: once you’ve started, you’re more likely to finish. - Then comes the “small fee” part
They ask for a tiny amount (like $0.30–$3.00) because it feels believable. But what they really want is your card number, expiration date, security code (CVV). Sometimes they also push you to enter an email/password “to confirm.”
- Your info can be stolen even faster than you think
In many of these scam setups, the page doesn’t just wait for you to press “Submit.” It may capture what you type as you type it (keystrokes). So even if you close the page halfway through, the scammers may already have enough to misuse your information. - Fraud can happen right away
Once they have your details, they may run quick test charges ($1), attempt larger purchases, add your card to a mobile wallet, sell your info to other criminals or use your address/phone for more targeted scams later.
That’s why these “small fee” texts can turn into a big headache fast.
What It Means for You
- If you click, you can land on a page built specifically to steal your info.
- If you pay a small fee, they get your card details.
- If you reuse passwords, one slip can lead to bigger account takeovers later.
What To Do Now: 4 Simple Steps That Work
Step 1 — Don’t Click. Pause Instead.
If the message is unexpected, treat it as suspicious. Close the message. Don’t tap the link. Don’t reply.
Here’s the truth you can always stick to: real delivery info still exists even if you wait 5 minutes. Scams only rely on speed.
Step 2 — Check Your Package the Safe Way
If you’re worried it might be real:
- Open your browser and type USPS.com yourself (don’t use the text link).
- Or check the original store order page (Amazon, Walmart, etc.) for tracking.
Remember: no legit delivery company needs you to “fix” your package through a random text link.
Step 3 — If You Clicked (or Paid), Do This Immediately
Don’t panic — just act fast:
- Call your bank and freeze or replace the card if you entered it.
- Change the password of any account you entered (email, Apple/Google, Amazon, etc.) — and turn on 2-step verification where you can.
- Watch for new sign-in alerts or “password reset” emails you didn’t request.
Step 4 — Block, Report, and Turn On Protection
- Mark the text as Junk/Spam and block the sender.
- Forward suspicious texts to 7726 (works with major carriers).
- Keep your phone updated, and only download apps from official stores.
At Futureproof, you get lockdown steps that prevent this and similar scams. We scan your data for leaks 24/7 and help keep your email safe. Get started today for lasting protection.
This Isn’t a USPS Problem — It’s a Click Problem
Scammers don’t need to break into anything anymore — they just need one rushed click.
So give yourself one simple rule: don’t tap delivery links from texts. Check your delivery tracking the safe way, and lock down your key accounts with strong passwords and 2-step verification. Futureproof is here to give you scam-proof protection, simple tools and expert guidance.
Because when your habits get stronger, scams get weaker.
At Futureproof, Kevin makes online safety feel human with clear steps, real examples, and zero fluff. He holds a degree in information technology and studies fraud trends to keep his tips up-to-date.
In his free time, Kevin plays with his cat, enjoys board-game nights, and hunts for New York’s best cinnamon rolls.
