Synthetic tracking ID fraud is quietly disrupting cross-border e-commerce, allowing fraudsters to generate fake but trackable USPS numbers, undermining platform trust and customer experience.

Background

On 28 May 2025, Threat Hunter’s Intelligence Team detected a sophisticated logistics fraud scheme through its deep intelligence monitoring network.

Fraud groups were openly advertising synthetic USPS tracking IDs on social platforms like Xiaohongshu. These services, targeting cross-border e-commerce sellers, offer seemingly legitimate tracking numbers that mimic real USPS logistics IDs. These fake numbers appear genuine on the USPS website, allowing merchants and buyers to track shipments normally. However, these IDs are generated from compromised USPS number segments and involve no actual postage payment. At present, the only reliable method to distinguish them from real ones is to check if postage was paid.

Sellers drawn to this service aim to drastically cut logistics costs. It's particularly appealing to those seeking short-term profit through aggressive store expansion or newcomers unfamiliar with compliance requirements.

As a new form of advanced logistics fraud, synthetic tracking ID fraud now poses a significant threat to the global cross-border commerce ecosystem and is spreading rapidly.

Synthetic Tracking ID Fraud: Method & Tactics

2.1 Key Features

• Service Offering: Partially fake logistics IDs that appear fully trackable in USPS’s official system.

• Geographic Constraints: Requires cooperation with US-based or virtual warehouses.

• Common Segments: Commonly used tracking number prefixes include ‘92, ‘93’, ‘94’ and ‘95’ confirmed via social engineering to have been successfully cracked by fraud groups. Among them, ‘94’ has recently proven to be the most stable in synthetic tracking ID operations.

2.2 Operational Techniques

2.2.1 Core Use Cases

Threat actors reverse-engineer shipping label algorithms used by USPS (and also UPS, FedEx, etc.), generating or manipulating shipment data. These synthetic tracking IDs are then sold to e-commerce sellers, allowing them to simulate legitimate fulfilment processes without paying shipping fees.

2.2.2 Exploiting System Gaps

• API Vulnerabilities: Exploit weaknesses in USPS’s API verification logic.

• Lack of Detection Layers: USPS lacks effective methods to distinguish between synthetic and legitimate tracking IDs. Currently, verification relies solely on checking postage payment, with no multi-dimensional validation framework in place.

2.2.3 Fraud Resilience Strategy

To ensure the longevity of their scam, fraud groups use professional tactics:

• ID Segment Rotation: Fraud groups regularly rotate across multiple compromised tracking number segments, testing them in parallel for stability and maintaining standby segments for rapid switching in response to disruptions.

• Proactive Monitoring: Continuously monitor USPS system updates and risk-control changes, establish early warning mechanisms to detect disruptions, and rapidly adapt their technical methods in response. 

Case Study: Synthetic ID Scheme in Action

On 28 May 2025, Threat Hunter identified a large-scale sale of synthetic USPS tracking IDs being promoted on a major Chinese social platform. The fraud syndicate claimed a daily capacity of over 10,000 IDs, promising:

• “Zero missed scans by USPS”

• “Timely deliveries without account penalties”

• “Tracking visible within 24 hours”

• “Delivery in 3–5 days”

This synthetic tracking ID service requires coordination with local US warehouses or virtual fulfilment centres. The fraud group provided the following detailed pricing structure:

Impacts & Strategic Recommendations

4.1 Business Impact

• Platforms: Synthetic logistics fraud damages platform credibility, reduces user trust, and results in higher volumes of refunds, compensation claims, and disputes. These issues significantly increase operational handling costs.

• Merchants: Legitimate sellers face unfair competition, disrupting normal business operations and damaging the overall reputation of the industry. This undermines long-term development potential.

• Consumers: Consumers may not receive their orders or experience delivery delays. Resolving disputes and refund requests demands extra time and effort, leading to poor user experience.

4.2 Recommendations

The impact of synthetic logistics fraud has evolved beyond simple financial loss. It now poses systemic risks to platform trust and operational efficiency. Platforms must re-evaluate their risk priorities and integrate logistics fraud prevention into their core security strategies.

Threat Hunter’s Intelligence Operations Team combines a professional human intelligence network, advanced technical research capabilities, and deep cross-border commerce expertise to deliver comprehensive fraud defence solutions. Our team offers the following support:

• Conduct targeted extraction and analysis of tracking numbers within platform logistics data.

• Identify common patterns across synthetic tracking IDs to assist internal correlation and flag high-risk sellers.

• Establish long-term monitoring mechanisms to detect and pre-empt emerging fraud tactics.

Through strategic cooperation with Threat Hunter, platforms and merchants can greatly enhance their resilience against synthetic tracking ID fraud, ensuring business continuity and maintaining user trust.

Learning more about fraud risks relevant to your business? Let's talk.