(WVVA) – Holiday deliveries are great — until a fake tracking link ruins the season. Cybersecurity firm NordVPN says malicious postal service websites surged ahead of this year’s holiday shopping rush, and scam artists are getting bolder and more convincing.
NordVPN’s Threat Protection Pro™ tracked an 86% increase in malicious postal service websites from August through October 2025. Certain brands were hit especially hard. Fake sites impersonating DHL jumped 206% month-over-month, DPD Group was the second-most impersonated carrier, and the United States Postal Service saw an astonishing 850% month-over-month spike in fake websites.
Those fake sites often arrive as urgent messages about a delayed package or a customs fee and are designed to trick you into clicking a link, entering personal details or paying a “release” charge. NordVPN also found that about 38% of consumers reported facing delivery scams in the past year, and the Federal Trade Commission reports people lost $470 million to text message scams in 2024.
Why these scams work
Text scams, or “smishing,” are particularly effective. Text messages have very high open rates and feel personal, so people often act quickly without checking whether a message is legitimate. Scammers are also using AI and spoofing tricks to make numbers, email senders and web addresses look authentic — a single letter change in a URL can be enough to fool people.
