SMS Scam - Parcel Delivery

<  Back to Fact Sheets

THE SCAM: IDCARE has received many reports about phishing text messages appearing to come from delivery companies such as Australia Post or DHL. These messages often appear in the same message stream as legitimate parcel delivery providers as scammers can ‘spoof’ phone numbers. Spoofing is a type of technology that allows a caller to masquerade as someone else by falsifying the number that appears on the recipient’s caller ID display or in text messages. Caller ID Spoofing does not utilise the real phone number of the service provider, but uses technology that disguises the number to make it look as though it comes from a trusted source. To avoid responding to a scam message, consider downloading the delivery company's app to track your parcels.

What can someone do with the personal information I have provided?

Items such as name, address, and email address are credentials that alone would be considered low risk of direct financial fraud, however they will invite more phishing communication if obtained by a scammer. In most cases what is of real value to identity thieves is your credit card details or banking username and login. Identity thieves also target government issued credential information, such as driver licence, passport or Medicare card details.

What about my debit or credit card details?

If you have entered your debit or credit card details into the linked website, contact your financial institution/s straight away to let them know that your personal details have been compromised and request additional security be placed on your accounts.

I clicked the link

Review your browser’s privacy and security settings to make sure you’re comfortable with what’s checked or unchecked. For example, look to see if your browser is blocking third-party cookies, which can enable advertisers to track your online activities.

  • Clear your browsers cache and cookies.
  • Download the latest updates for your browser.
  • Check plug-ins and extensions. If you find anything unusual, remove it straight away.
  • Change all passwords that you have intentionally or perhaps unintentionally saved to the browser.
General Device Security

Go through all applications on the device to detect any unknown programs running. Please remove them immediately.

  • Apple device: Using a browser, log into your Apple account/ID through the official Apple website. Check all personal information including the phone numbers and email addresses associated with the account are correct. Check all devices you are currently logged into and log out any unknown devices. We recommend periodically updating your Apple ID password and do not use the same password as other accounts. If you would like further support with your Apple devices, you can contact Apple on 1300 321 456.
  • Android/other device: Run anti-virus software then update any relevant passwords (eg. GooglePlay/Gmail password). If your anti-virus application allows, set it to update and run automatically.

What might the scammer do next?

You can expect that scammers will make future attempts to communicate via a variety of channels, such as via phone, email or SMS, if your contact details were provided. With just a small amount of personal information a scammer can easily convince people they are representing a Government agencies or business. Never feel compelled to respond to unsolicited communications. Do your research and make contact using communication channels you have discovered. Please see our fact sheet Tips for handling scam calls.

My email account is receiving a lot of spam now

Some people affected by these types of scams have received emails indicating that they have signed up to online marketing, such as from dating sites and movie sites. If you do receive an email suggesting this, it is best not to click 'Unsubscribe' and rather block the sender. You may choose to do your own research and contact the relevant company directly to request removal from their marketing communications.  

*Please note: This information is generalised to support individuals in most situations. However, depending upon your experience, capabilities and the device(s) you use, seeking professional support may be advisable. IDCARE's recommended steps for an individual concerned about their identification is based upon the information provided by you. A generic template is not able to appropriately address every individual’s situation and some events may require additional steps.

FURTHER ADVICE: Please take time to look at your security and put systems in place that will lessen the blow now and in the future. We have put together fact sheets that contain useful tips and strategies to help you stay safe:

**If at any time during the scam you were asked to provide your driver licence, Medicare, passport, Tax File number or log in details or to give remote access to your device, contact IDCARE through our Get Help form.


Identity Care Australia & New Zealand Ltd (IDCARE) provides identity and cyber security incident response services (the Services) in accordance with the following disclaimer of service:

IDCARE is Australia and New Zealand’s national identity and cyber incident community support service. We are a not-for-profit charity.

  • The Services provided do not constitute legal advice. IDCARE recommends that you consult a solicitor in relation to your legal rights and obligations, including but not limited to your legal rights or obligations under Australian and international privacy and data protection laws.
  • While every effort has been made to ensure the accuracy of the information in this product or service, to the maximum extent permitted by law all conditions, terms, representations, and warranties (in each case, whether express or implied) in connection with the provision of the Services which might otherwise be binding upon IDCARE are excluded.
  • IDCARE’S liability for any loss or damage suffered by any person or organisation (including, without limitation, any direct, indirect or consequential loss or damage) arising out of or in connection with the Services (including without limitation liability for any negligent act or omission, or statement, representation or misrepresentation of any officers, employees, agents, contractors or consultants of IDCARE) shall be limited to the fees paid by you to IDCARE in respect of the Services. For the avoidance of doubt, this limitation of liability extends to any liability arising from any actions performed or not performed as a result of any recommendations made in course of providing the Services.
  • The Services provided by IDCARE are intended to be provided solely to the initial recipient of this document or service and IDCARE will not be liable to any other person who may receive this document.

While every effort has been made to ensure the accuracy of the information in this alert, IDCARE disclaims any liability to any person in respect to any actions performed or not performed as a result of the contents of the the Services or any accompanying data provided. Wider dissemination may be permitted by authority in writing from IDCARE’s Managing Director. If you would like to provide feedback please use our Feedback Form.


IDCARE is here to provide you with specialist support and guidance when faced with a cyber and identity related issue. Contact one of our Identity & Cyber Security Case Managers to learn more about our Support Services and how we can help you.   

Get help

Submit a web request

Call Centre Icon


1800 595 160

Mon - Fri: 8am - 5pm AEST

QLD: 07 3555 5900
ACT & NSW: 02 8999 3356
VIC: 03 7018 2366
NT, SA & WA08 7078 7741

Call Centre Icon

call our NEW ZEALAND

0800 121 068

Mon - Fri: 10am - 7pm NZST

AKL: 09 884 4440