That Package Notification Is a Trap

Delivery, Billing, and Subscription Scams Are Surging — and Your Employees Are Prime Targets

Spring shopping season is back, and so are the scammers who follow it.

According to the Federal Trade Commission, Americans lost $470 million to text-based scams in 2024 — nearly $100 million more than the year before.¹ And the most-reported type? Messages about package deliveries. The pattern is predictable: when online orders go up, fake USPS, UPS, and FedEx texts go up with them. Scammers count on the fact that your employees are probably expecting a package, which makes the bait harder to dismiss.

The mechanics are straightforward, which is precisely what makes them effective. A text arrives: "Your USPS package could not be delivered. Update your address to reschedule." Or: "Unusual activity detected on your FedEx account. Verify your information here." The links are crafted to mimic real carrier websites — the same fonts, logos, and sense of urgency. One click, one form fill, and the damage is done: login credentials captured, credit card numbers harvested, or malware installed on a personal device that may also connect to your employer's network. (The U.S. Postal Inspection Service is unambiguous on this point: USPS will never send an unsolicited text about a delivery issue unless the customer specifically requested tracking alerts.)

It doesn't stop with shipping. Subscription and billing scams follow the same playbook. Employees receive texts or emails claiming their Netflix, Amazon Prime, or bank account has a payment problem that requires "immediate verification." Phishing — the broader category that includes these smishing attacks — was the single most-reported cybercrime in the United States in 2024, according to the FBI's annual Internet Crime Report.²

What makes smishing, which is short for “SMS phishing”, particularly dangerous in the workplace context is the crossover risk. Most employees are reading these texts on personal phones that also access corporate email, Slack, or internal systems. A compromised personal device can serve as a potential entry point into employer data. The line between personal identity theft and a corporate security incident is thinner than most HR teams realize.

There's also the recovery problem that rarely gets discussed. Clicking a malicious link and entering credentials doesn't just expose one account — it often sets off a chain reaction. Criminals use harvested data to attempt account takeovers across financial institutions, health portals, and government accounts. According to the FTC’s IdentityTheft.gov³, victims must navigate fraud alerts across three credit bureaus, dispute fraudulent accounts with individual lenders, replace compromised government-issued IDs, and — if a Social Security number was exposed — resolve potential IRS complications. That process doesn’t happen in an afternoon; it shows up as distraction, stress, and lost productivity on the clock.

For employees who do fall for a smishing attack, having access to identity monitoring and restoration support isn't just convenient — it's the difference between catching fraud early and discovering it months later when the damage has compounded. IDShield® offers monitoring tools and licensed private investigator-led restoration services that are built for exactly these moments: fast detection, guided response, and the kind of hands-on help that doesn't put the burden entirely on an already-stressed employee.

The message for your employer clients is simple: smishing isn't a tech problem their IT team can fully solve. It's a human vulnerability, and protecting against it requires both awareness and a safety net for when awareness isn't enough.

🔵 Product Spotlight: IDShield

Identity theft and fraud don't announce themselves. They show up as an unexpected charge, a loan application that wasn't yours, or a text message your employee almost didn't question.

IDShield monitors the places where personal data surfaces — dark web activity, credit file changes, court records, social media, and more — and alerts members before minor exposure becomes major damage. When something does go wrong, IDShield members don't face the recovery process alone. Licensed private investigators take on the restoration work directly, assisting with disputes, notifications, and follow-up on the member's behalf.

Ready to Add IDShield to Your Clients' Benefits Package?

To learn more about adding IDShield to your employer group portfolio — or to request enrollment materials ahead of spring open enrollment — connect with your dedicated National Broker Team or email [email protected].

‍