Decoding the Fake Delivery: Don’t Fall for the FedEx “Duty Due” Text Scam
We’ve all been there: you’re waiting for a highly anticipated package to arrive, constantly checking your phone for updates. Suddenly, a text message pings. It’s from “FedEx,” stating that your package is stuck in transit and a small “duty fee” is due before it can be delivered.
Before you click that link to pay the fee and get your package moving, stop. You are likely being targeted by one of the most common and effective phishing scams circulating today.
At Alvarez Technology Group, we constantly monitor the evolving landscape of cyber threats, and the FedEx “duty due” scam is a persistent menace. Here is everything you need to know to spot this scam and protect your sensitive information.
How the “Duty Due” Scam Works
This scam relies on a tactic known as smishing (SMS phishing). Scammers cast a wide net, sending thousands of automated text messages hoping to catch people who are genuinely expecting a delivery.
The text usually claims that a package cannot be delivered due to an unpaid customs charge, taxes, or a “duty fee.” It includes a link that purportedly allows you to quickly pay the fee and release your package.
Here is the catch: FedEx does not operate this way. FedEx will never request payment, urgent fees, or personal information via an unsolicited text message.
Key Warning Signs
Cybercriminals are getting better at making their messages look legitimate, but there are always red flags if you know what to look for. Keep these warning signs in mind:
1. The Urgent “Do Not Click” Link
The primary goal of the text is to get you to click a link. These links often look slightly off (e.g., fedex-delivery-update.info instead of fedex.com). Never click links in unexpected text messages. ### 2. Spoofed Fake Websites If you do click the link, you will likely be taken to a website that looks remarkably similar to the actual FedEx site, complete with stolen logos and branding. However, this is a spoofed site designed with one purpose: to harvest your credit card details and personal information when you attempt to pay the fake fee.
3. Induced Panic and Urgency
Phishing thrives on emotion. The text will try to induce panic, claiming your package will be returned to the sender, destroyed, or heavily delayed if the fee isn’t paid immediately. Scammers want you to act fast so you don’t have time to think critically.
How to Handle Suspicious Delivery Texts
If you receive a message about a “duty due” or a stuck package, follow these best practices:
- Verify Independently: If you are expecting a package, do not use the link in the text. Instead, open your web browser, go directly to fedex.com, and enter your tracking number there. Alternatively, use the official FedEx mobile app.
- Report the Fraud: Help shut these scammers down. Forward the suspicious text message or a screenshot of it to FedEx’s dedicated abuse team at abuse@fedex.com. Then, block the number and delete the text.
What to Do If You Already Clicked
Mistakes happen. If you were caught off guard and clicked the link or entered your payment information, you need to act quickly to mitigate the damage:
- Contact Your Bank Immediately: Call your financial institution or credit card provider right away. Inform them that your card details have been compromised so they can freeze the account, stop any fraudulent charges, and issue you a new card.
- Monitor Your Accounts: Keep a close eye on your bank statements and credit reports over the next few weeks for any unauthorized activity.
- Update Passwords: If you entered any login credentials on the fake site, change your passwords immediately, especially if you reuse passwords across multiple accounts.
- Report to Authorities: File a report with your local law enforcement or the relevant government anti-fraud agency.
Stay Secure with Alvarez Technology Group
Cyber threats are constantly evolving, and scammers are always looking for new ways to trick consumers and businesses. Education and vigilance are your best defenses.
If you are concerned about the cybersecurity posture of your business, or want to ensure your team is trained to spot phishing and smishing attacks before they cause a data breach, [contact Alvarez Technology Group today]. Our comprehensive security solutions are designed to keep your data safe so you can focus on running your business.