Spot the three dominant UPS scam-email patterns in 2026 — brokerage fee, delivery rescheduling, and MyChoice account verification — with the verification rules that defeat them.
Last reviewed: 13 May 2026 · ScamSupport research
Why UPS-impersonation email is a high-volume UK scam category
UPS is one of the most-spoofed courier brands in UK consumer phishing because of the brokerage / customs framing that makes a small fee request plausible to anyone awaiting a non-EU shipment. Combined with the volume of legitimate UPS notifications (delivery alerts, tracking updates, signature-required notices), scam emails benefit from sitting inside a stream of real UPS communications and being mistaken for them.
UPS publishes its own list of phishing patterns at www.ups.com/us/en/help-center/legal-terms-conditions/fight-fraud.page; the patterns described below match what is currently in active circulation against UK recipients in 2026.
Three UPS scam-email variants currently in circulation
Subject: “Customs charge £3.45 outstanding — pay to release shipment”
Body: A polished message with the UPS shield logo claims the recipient owes a small customs/brokerage fee. A “Pay now” CTA links to a fake checkout page that collects full card details, billing address and sometimes “account verification” security questions.
Red flags:
Real UPS brokerage charges are paid via UPS’s self-service customs portal or invoiced through the shipper. Standalone payment links from a separate domain are not the legitimate path.
The sender domain is not ups.com. Real UPS emails come from @ups.com or @mailinfo.ups.com. Anything else (ups-clearance-uk.com, ups-uk-secure[dot]net, ups-fee[dot]co.uk) is a typosquat.
The amount is suspiciously small. Real UPS UK brokerage fees range from £8.50 minimum upward depending on shipment value. A £1.99 / £2.99 / £3.45 request is bait priced to slip under both your suspicion threshold and your bank’s.
You don’t have a tracked shipment from outside the EU. Always confirm there’s a real shipment before paying any “customs” charge. Customs charges only arise for imports above thresholds.
The page collects full card details rather than just a payment authorisation. Real customs payments are charged to a card without separately collecting the security code + billing address + full account number.
Subject: “Delivery attempt failed — reschedule via the link below”
Body: A message claims a delivery attempt was made but the recipient was out, and provides a link to reschedule. The link routes to a fake UPS page that collects address details, phone numbers and sometimes a “rescheduling deposit”.
Red flags:
UPS leaves a paper InfoNotice (yellow tag) at the address. A real failed delivery leaves a physical card so you have evidence regardless of the email.
UPS reschedules via ups.com/track or via the UPS My Choice account — never via a stand-alone link in an email. Log into ups.com directly to action any delivery options.
“Rescheduling deposit” is invented. UPS doesn’t charge a fee to reschedule a delivery to an existing address.
Generic addressing. “Dear Customer” rather than your name is a phishing tell. Real UPS emails use the name on file from the shipping label.
From: “UPS My Choice” <security@ups-secure-login[dot]com>
Subject: “Your UPS My Choice account requires verification within 24 hours”
Body: The email claims unusual activity has been detected on the My Choice account. The recipient is asked to verify identity by clicking through to a lookalike UPS login page that captures username, password and 2FA codes.
Red flags:
Real UPS My Choice login is at www.ups.com/mychoice. Variants like ups-secure-login.com, upsmychoice-verify[dot]net are typosquats.
UPS handles account-security alerts inside the My Choice dashboard, not via threat-of-suspension emails.
They ask for password + 2FA code. Real UPS account recovery uses email verification flows, not credential entry on a follow-up link.
Compromised My Choice accounts are used for shipment redirection scams. Criminals redirect packages to drop addresses, intercept goods, or pivot to linked payment methods.
How to verify a UPS email is genuine
Read the sender domain. Real UPS emails come from @ups.com or @mailinfo.ups.com. Anything else is suspect.
Go to ups.com/track directly — not via the link in the email. Type the tracking number into the official UPS tracking page. If a real action is required, UPS’s own page will show it.
Real UPS brokerage charges are itemised. Real charges include the shipment’s tracking number, value, applicable tariff, and a transparent breakdown. Generic “£2.99 customs fee” with no breakdown is a phishing signal.
Call UPS UK on 03457 877 877 (the number on ups.com/contact). Real UPS will be able to confirm whether you have an outstanding charge or rescheduled delivery.
Report scam UPS emails to fraud@ups.com (UPS’s phishing-report address). UPS uses these reports to action takedowns of scam infrastructure.
If you’ve already clicked a fake UPS link
Card details entered: call your bank’s fraud line on the number on the back of your card. Cancel and replace the card. Reference any unauthorised transactions under the PSR Mandatory Reimbursement Scheme.
UPS account credentials entered: change your password at www.ups.com/mychoice, sign out all sessions, and check the delivery preferences for any unauthorised redirections.
Personal details entered: consider CIFAS Protective Registration — protects your credit file for 2 years against follow-on identity fraud.
Report the email to report@phishing.gov.uk (NCSC Suspicious Email Reporting Service).