These texts work because they try to make a tiny problem feel urgent. A few unpaid toll dollars. A package that cannot be delivered. An account that needs a fast fix. The message is built to make you tap before you think.

Official guidance from the FTC, FCC, the U.S. Postal Inspection Service, and UPS points to the same rule: never use the link in the text to solve the problem. Verify through the real toll operator, USPS, UPS, or your account portal instead.

What these scam texts usually look like

The topic changes, but the pattern stays familiar:

  • An unexpected text claims you owe a small balance or must fix a delivery issue.
  • The message pushes urgency with phrases like pay today, final notice, or account suspension.
  • A link takes you to a page that looks official but is really there to steal card details, login credentials, or identity information.
  • The scam may impersonate a toll operator, USPS, UPS, DMV-style service, or another familiar account brand.

The FTC says unpaid-toll texts are a phishing scam. The money demand is only part of the risk. The larger problem is that the link can collect your personal information, bank details, or card data.

Red flags that should make you stop immediately

  • You were not expecting a toll notice, delivery exception, or account warning.
  • The text uses pressure, threats, or a countdown.
  • The sender name looks generic, the greeting says something like Dear Customer, or the number is unfamiliar.
  • The text asks you to pay through a link rather than telling you to log in through the real site.
  • The site name in the message looks slightly off, shortened, or unfamiliar.
  • The message asks for card numbers, passwords, driver license information, or other personal details you would not normally text back.

The FCC says fraudulent toll texts may spoof trusted brands such as E-ZPass, FasTrak, or I-PASS, may come from international numbers, and may use threatening language to rush people into paying. It also notes that toll operators typically do not use text messages to collect overdue accounts.

Why package-delivery texts can be fake even when you are expecting a package

This is where people get trapped. You might really be waiting for a package, which makes the text feel plausible.

USPIS says USPS text tracking is only used when a customer requested tracking for a specific package and provided the tracking number first. It also says USPS does not charge for those services and will not send customers a text or email with a link unless the customer initiated the tracking request. If you did not set that up yourself and the message contains a link, treat it as suspicious.

UPS says that if it contacts you regarding a package, the representative can provide a tracking number that you can verify on the real UPS site. That is the pattern to trust: open the official site yourself, enter a known tracking number yourself, and check there.

What to do instead of clicking

  1. Stop. Do not tap the link or reply to the message.
  2. Open the real website or app yourself. Type the address manually, use a bookmark, or use a trusted app.
  3. Check your real account for any balance, violation, or delivery issue.
  4. If the text claims to be from a toll company in another state, independently find that operator's customer-service number or official site before doing anything else.
  5. If the message claims to be from USPS, use USPS.com or your real tracking history. If it claims to be from UPS, use UPS.com or the UPS app.
  6. Report the message and then delete it.

The FTC says to use your phone's report-junk option or forward the text to 7726. USPIS also says USPS-related smishing can be reported to spam@uspis.gov with a screenshot and the sender's number. The FCC says suspected scam texts can also be reported through its complaint center and the FBI's IC3.

If you already clicked the link

Move quickly, but stay methodical.

  1. If you entered card or bank details, contact the card issuer or bank right away.
  2. Change the password for the account you think may be affected, especially if you reused that password anywhere else.
  3. Turn on two-factor authentication where available.
  4. Watch your bank, card, and package-related accounts for unusual activity.
  5. Report the scam to the impersonated company or agency, plus the FTC at reportfraud.ftc.gov.
  6. If you downloaded anything from the link, run a security scan and remove anything suspicious.

USPIS says that if you interacted with a suspicious USPS-themed URL, even without submitting the page, you should notify your financial institution. That is a good rule more broadly when you are not sure how much information the site captured.

The safest rule for toll texts, package alerts, and account warnings

Do not solve a billing or delivery problem from the message that introduced the problem.

If the claim is real, it will still exist when you log in through the official site on your own. If the claim disappears when you check the real account, that tells you what the text really was.

FAQ

Are unpaid-toll texts usually real?

The FTC says unexpected unpaid-toll texts are probably a scam. Verify with the real toll agency using a phone number or website you know is real, not the contact details inside the text.

Can a fake package text still arrive when I really have a package on the way?

Yes. That is part of why these scams work. Use the official USPS or UPS site or app and your real tracking number instead of the link in the text.

Does USPS send text messages with links?

USPIS says USPS does not send customers a text with a link unless the customer first requested text tracking for a specific package. If you did not initiate the tracking request and the text includes a link, treat it as suspicious.

How do I report a scam text?

You can forward it to 7726, use your phone's report-junk option, report USPS-themed smishing to spam@uspis.gov, file a complaint with the FCC, and submit a fraud report to the FTC.

What if I already gave the scammer my card information?

Contact your bank or card issuer immediately, ask about blocking the card or reversing charges, change any affected passwords, and monitor your accounts closely.

What is smishing?

Smishing is phishing done through text messages or phone numbers. The goal is the same: get you to hand over personal, financial, or account information through a fake message.

Bottom line

The best scam-defense habit here is not memorizing every fake script. It is refusing to use the message as your path back to safety.

Open the real site yourself. Check the real account yourself. If the warning is real, it will still be there. If it is fake, you just saved yourself a much bigger headache.

Sources