"Your Parcel Is Held by Customs": Why This Scam Keeps Working in India

Published: 20 May 2026 8 min read By ScanTotal Security Team
Last reviewed: 20 May 2026 by Kumari Rajapaksha, Founder, ScanTotal

You ordered something from AliExpress two weeks ago. You half-forgot about it. Today an SMS arrives: “India Post: Your parcel is held at customs due to incomplete duty payment. Pay ₹750 to release: [link].” The amount is small. The story is plausible. The brand is one you trust. You tap the link.

This is the customs-parcel scam, and in 2026 it is one of the highest-volume scam SMS categories in India. The amounts are small by design, large enough to be worth running the scam at scale, small enough that the victim doesn’t pause to verify. This guide walks through how the scam actually works, what real Indian Customs procedures look like, and the three signals that catch every variant.

What the scam actually says

Three redacted examples from real submissions to ScanTotal’s URL scanner over the past 30 days:

India Post: Your parcel (No: IND8472XXX) is held due to customs duty ₹850. Pay within 24 hrs to avoid return: http://indiapost-customs-pay[.]online/release -India Post
DHL Notification: Customs duty of INR 1,250 is pending for parcel DHL237XXXXXX. Pay here: https://dhl-india-customs[.]xyz/duty
FedEx: Your shipment requires INR 645 customs clearance fee. Avoid return charges: http://fedex-india-payment[.]in-online[.]com

The brand changes. The amount changes. The TLD changes. The script doesn’t. Look at any of these for thirty seconds and the same structural elements appear: a recognised courier brand, a small INR figure (typically ₹500-₹2,000), a 24-hour deadline, and a link whose domain has nothing to do with the courier’s real website.

How real Indian Customs actually works

The single most important thing to know: Indian Customs (CBIC) does not contact individuals directly about personal-parcel duty. The courier handles the customs clearance on your behalf. If duty is owed, the courier’s own systems collect it through their app, website, or physical delivery slip.

The actual process for a real personal parcel with duty owing:

  1. The parcel enters India at a major airport (typically Delhi, Mumbai, Bengaluru, or Chennai) and goes through customs assessment.
  2. The courier (India Post / DHL / FedEx / BlueDart) prepares a Bill of Entry with the declared value, duty rate, GST, and any social welfare surcharge.
  3. The courier notifies you through their app or by physical delivery slip. The notification is itemised, you see the duty calculation, not just a total.
  4. You pay either online through the courier’s official payment portal (their real domain), or in cash to the delivery agent at handover.

The courier’s payment portal is on the courier’s registered domain. India Post uses indiapost.gov.in. DHL uses dhl.com or dhlindia.com. FedEx uses fedex.com. BlueDart uses bluedart.com. Every other domain, including very plausible variations like indiapost-customs.online, dhl-india.xyz, or fedex-india-payment.com, is impersonation.

The three signals that catch every variant

1Sender format

A genuine courier SMS for a duty payment uses a registered DLT header. India Post: VM-IPOSTC, JD-IPOSTC, or similar (the prefix varies by region). DHL: VK-DHLIND. FedEx: VM-FEDEXI. The pattern is always a 6-character alphanumeric header, never a 10-digit mobile number. If the SMS came from +91 9XXX XXX XXX, it is not the courier, full stop, regardless of how official the rest of the message looks.

2Link destination

Long-press the link (don’t tap) to preview where it actually goes. The hostname must be the courier’s exact official domain, not the brand name as a substring of a different domain. indiapost.gov.in/anything is real; indiapost-anything.xyz is not. If you have any doubt, paste the link into ScanTotal’s URL scanner first, we’ll show you the real destination and flag known-malicious patterns.

3Payment method

Genuine courier customs-duty payments go through the courier’s payment gateway and are itemised. They do not ask for UPI payments to personal IDs (@okhdfcbank, @upi, @paytm), and they do not ask for card details on a third-party page. If the “customs duty” payment screen asks for your card CVV or shows a personal UPI ID, the page is a phishing page regardless of how official the design looks.

What the scam does once you tap

The scam isn’t one-shot. There are three variants of what happens next, depending on which crew is running the campaign.

Variant 1, the small-payment grab. The link goes to a fake payment page that takes your card details or initiates a UPI request. The amount charged is the small advertised figure plus, sometimes, a hidden “processing fee”. The card details are then sold or used for further fraud.

Variant 2, the escalation. You pay the small advertised amount. The next day you get another SMS: “Your parcel is in final clearance but requires an additional ₹1,500 storage fee.” You pay that. A day later: “Final release fee ₹2,800.” The escalation continues until you stop responding or run out of money.

Variant 3, the credential harvest. The payment page asks you to “verify your identity” before paying, full name, Aadhaar number, PAN, date of birth, mother’s maiden name. These get sold to other scam operations or used in synthetic-identity fraud against you weeks later.

Even paying a small amount has lasting damage. The card or UPI ID you used is now flagged in scam-syndicate databases as a “converter”, someone who paid once. Expect more scam attempts (insurance refund, electricity disconnection, fake job offer) over the next few weeks.

If a parcel really is held

It happens sometimes. International personal parcels can genuinely incur duty, and customs holds do occur. The right response is:

  1. Open the courier’s official app or website yourself, type the URL or use a bookmark, don’t click anything from the SMS.
  2. Search for the parcel using the tracking number from the original order confirmation. If the parcel is genuinely held, you’ll see it there with the actual duty calculation.
  3. If you’re unsure, call the courier’s customer-care number from their official website (typed by you), not from any SMS or call.
  4. Pay only through the courier’s own payment portal, never through a link in an SMS.
If the “customs hold” is real, it’ll still be there when you check tomorrow. Couriers don’t actually destroy or return parcels within 24 hours over a duty payment, the “24 hour deadline” in scam SMS is always artificial urgency. Real customs holds usually have a 14-30 day window before any return action.

The respectful reality about courier brands

India Post, DHL, FedEx, BlueDart and the other couriers operating in India are being impersonated, not failing to protect their customers. Their actual digital infrastructure has improved meaningfully over the past five years, the apps now have tracking, the websites have working payment portals, the customer-care numbers are answered. The scam ecosystem exists because the brand is trusted, not because the brand is failing.

The defence is the same as for every other SMS scam: don’t click links from unknown senders; verify through the brand’s official channel that you opened yourself; pause when something feels urgent. The three signals above, sender, link, payment method, catch every variant of the customs-parcel scam, regardless of which courier brand the scammer chose to impersonate that week.

Got a "parcel held" SMS?

Paste the link into ScanTotal first, we’ll tell you whether it’s the real courier or an impersonation.

Open URL Scanner

Check any file, link, or message

Free, private scanning across all six tools, no account required.

Open Scanner Read: KYC Update Scam SMS in India

Sources & Further Reading

Related Articles

KYC Update Scam SMS in India
Real examples and the three tells.
Aadhaar Phishing in 2026
Fake-UIDAI SMS, mAadhaar clones, OTP-relay calls.
Instant Loan App Scams in India
The harassment cycle and how to escape it.