Temu scam texts: is that order, reward, or refund real in 2026?
Temu really does send order and shipping updates, so you cannot dismiss every Temu message as fake. But a text that wants your card details, your password, or a fee to "release" a free gift, or that sends you to a site that is not temu.com, is a scam. Here is how to tell the difference in 30 seconds, without trusting the message at all.
Verdict: Likely a scam if it wants your card, password, or a fee - verify only in the Temu app
If a "Temu" text about an order, a reward, or a refund asks you to pay a small fee, hand over your card or password, or "claim" a prize through a link, treat it as a phishing scam. Temu does send genuine order and delivery updates, so the message is not automatically fake, but Temu never asks for your password or full card number by text, and it never charges a fee to release a free gift. The link, not the message, is the tell: a real Temu update opens inside the Temu app or at temu.com, never on a lookalike like a "temu-rewards" site. The only safe way to check is to ignore the text's link, open the Temu app yourself, and look at Your Orders. If it is real, it will be there.
The Brief
Temu sends real order confirmations, shipping alerts, and the occasional promotion, which is exactly why the scam works: a fake "your Temu order" or "you won a Temu reward" text blends in with the real ones. The honest answer to "is this Temu text real" is not yes or no on sight, it is a process. A message that wants you to pay a fee, confirm a card, enter a password, or "claim" a prize through a link is the fake pattern. The real Temu site is temu.com, and Temu's own emails come from the temuemail.com domain, but seeing a familiar name in a link proves nothing on its own. You never decide on the text itself. You decide by opening the Temu app and checking Your Orders, the same rule that beats the DHL package tracking text scam and the fake "Shop" app order callback scam.
The four Temu scams worth knowing
Temu impersonation comes in four shapes, and they all end at the same place: a page that wants your money or your login. The branding changes, the bait changes, the trick does not.
The fake order or package text. This is the most common one, and it mirrors the broader trend. The FTC's data on the top text scams of 2024 (published April 2025) found that fake package-delivery messages were the single most reported text scam, ahead of fake job offers, bogus fraud alerts, and unpaid-toll texts. The Temu flavor reads "Your Temu parcel could not be delivered, update your address" or "There is a problem with your Temu order, confirm your details." There may even be a tracking number to make it feel real. The link goes to a page that asks for your address and then a small "redelivery" or "customs" fee on your card. There is usually no order at all.
The free reward or giveaway text. "Congratulations, you have been selected for a Temu reward of $500" or "Claim your free Temu gift, only 3 left." These lean on a real thing Temu does (it runs referral and spin-to-win promotions), then twist it. The catch is a fee, a card "to verify you are real," or an endless chain of sign-ups and app installs that never pays out. Temu does not text strangers cash prizes, and it never charges you to receive a free item.
The refund text. "Your Temu refund of $42.90 is ready, confirm your card to receive it." A refund you are genuinely owed is returned to your original payment method automatically inside the app. No legitimate refund requires you to re-enter your full card number on a linked page. That step exists only to harvest the card.
The merchant-review or task job. A newer twist sends an unsolicited text offering easy money to "review Temu products" or complete small online tasks. The FTC flags these as task scams: the early tasks pay a little to build trust, then you are asked to deposit your own money to "unlock" bigger commissions, and it vanishes. Temu does not recruit reviewers by cold text.
What the fake page actually looks like
Click the link in any of these and you land on a near-perfect copy of Temu's orange-and-white interface. The logo is right, the layout is right, the product photos are real. What does not hold up is the address bar. It does not read temu.com. It reads a lookalike such as temu-rewards[.]xyz, temu-delivery-update[.]top, temu-refund-center[.]online, or claim-temu-gift[.]shop (illustrative examples, not real Temu domains). The word "temu" is there, but it is glued to "rewards," "delivery," or "refund," or sitting on a cheap TLD Temu does not use. The real Temu domain is temu.com, and a genuine order or refund is never handled on a page a text handed you.
Some campaigns skip the obvious lookalike and host the fake on a free subdomain or a brand-new throwaway domain, betting that you will not look past the logo. That is the whole game. The page is built to make the address bar the last thing you check.
Test that Temu link before you tap it
Got a text about a Temu order, reward, or refund and not sure about the link? Paste it below before you tap it. Our 3-layer engine (Local + APIs + AI) returns a verdict in about 3 seconds. Free, no signup.
Why temu.com is real but the text still might not be
People want one clean rule: if the name "Temu" is in it, decide from that. It fails in both directions, and scammers count on it.
Temu does send genuine order, shipping, and promotion messages, and its email comes from the temuemail.com domain. So a real Temu communication is not a red flag, and a message that mentions a real order number can still be a fake (AI-written phishing increasingly references genuine-looking order details). At the same time, a link with "temu" in the text is not proof of anything, because anyone can register temu-rewards[.]xyz and put the word "temu" on the left of the dot. The brand name in a message is a hint, never the verdict.
The only thing that truly settles it is your own account. A genuine Temu order, refund, or reward appears inside the Temu app or at temu.com when you open it yourself. If it is not in Your Orders or your account when you go there directly, Temu did not send it. That is why the check below never involves the text at all. You do not inspect the link, you do not trust the sender, you do not tap to "claim." You open Temu on your own and let your real account tell you the truth.
The 30-second check: verify inside the Temu app
This is the whole answer to "is this Temu text real." It works whether the message is genuine or a perfect fake, because it never relies on the text.
- Do not tap anything in the text. Not the link, not "claim," not "track," not "this wasn't me." Leave the message where it is.
- Open the Temu app or type temu.com yourself. Use the app you installed, or type temu.com into the browser address bar yourself. Do not tap a link, and do not search and click an ad.
- Sign in and open Your Orders. A real delivery problem, refund, or reward shows here, on the real site, not only in a text. If your orders look normal, there is nothing to fix.
- Check the in-app message center and your account balance. A genuine reward or credit lands in your account, not on a page that asks for your card to "release" it.
- If nothing in the app matches the text, the text was fake. Delete it. If a real prompt is waiting in your account, handle it there, in the app, where you signed in yourself.
That is the rule for every "your order" or "you won" message, from Temu or anyone else: judge it on the real app, never on the text. The same approach drives our guide on how to tell if a website is a scam.
Red flags that push the verdict toward scam
- It asks you to pay a fee for a free gift or a delivery. Temu does not charge a "redelivery," "customs," or "verification" fee to release a prize or a package. A fee on a free item is the harvest step for your card.
- It asks for your password, full card number, or SSN. Temu does not collect or re-confirm those by text or on a linked page. This alone marks it as phishing.
- The link does not go to temu.com. Long-press the link to preview it. A destination like temu-rewards, temu-delivery-update, or temu-refund-center on an odd ending is fake, even if the page looks perfect.
- A prize you never entered for. "You have won a $500 Temu reward" out of nowhere, with a countdown. Real Temu promotions live inside the app, not in an unsolicited text with a one-day timer.
- Urgency with a deadline. "Claim in 24 hours or lose it," "your parcel will be returned today." The clock exists to stop you opening the app and checking calmly.
- A cold offer to earn money reviewing Temu products. Temu does not recruit reviewers or "task" workers by text. Any message asking you to deposit money to unlock earnings is a task scam.
- A generic greeting on a personal claim. "Dear user, your order is on hold" on a message that claims your specific order is affected is a tell. It stacks with the rest.
What to do if you already tapped and entered details
Move fast. Once your card or login is captured, the attacker can charge it or take over your account.
- If you entered card details, call your bank now. Report the card as compromised, request a replacement, and watch the statement. Dispute any charge you do not recognize, including small "fee" charges.
- Change your Temu password. Open the app or type temu.com yourself, not through any link in the text. Use a password you have never used anywhere else.
- Reset that password anywhere you reused it. If your Temu password matched your email or bank login, change those too. Every account gets its own unique password.
- Turn on two-step verification where the account offers it. Even with your password, an attacker is slowed without your second factor.
- Check your Temu account for changes. Remove any address, phone, or payment method you did not add, and review recent orders for anything you did not place.
- If you entered an SSN, treat it as identity-theft exposure. Consider a fraud alert or credit freeze, and monitor for new accounts opened in your name.
How to report the fake message
- Report it to Temu. Use the Help Center inside the Temu app or at temu.com to report a phishing message that impersonates the brand, so its team can pursue takedowns of the copycat pages.
- Forward the text to 7726 (SPAM). In the US, UK, and several other countries, forwarding a scam text to
7726reports it to the carriers so they can block the sender. - Report the scam to the FTC at reportfraud.ftc.gov. This feeds the consumer-protection data behind warnings like this one.
- Flag it to the BBB Scam Tracker at bbb.org so others searching the same message are warned.
- In the US, report to the FBI Internet Crime Complaint Center at ic3.gov if you lost money or had an account taken over.
- Delete the text after reporting. Do not tap anything in it on the way out.
How SafeBrowz blocks this threat
SafeBrowz runs a 3-layer detection architecture: Local + APIs + AI. The core question it answers is whether a page is on a brand's real domain or just wearing the brand's clothes on someone else's domain.
- Layer 1 - Local detection: 60+ URL pattern signatures plus a 550+ brand database (Temu included) plus Punycode and homograph checks, all running inside the extension before the page renders. When "temu" appears in a hostname that is not temu.com (such as temu-rewards or temu-refund-center), it reads that as brand-on-non-official-domain and flags the impersonation.
- Layer 2 - API checks: aggregates Google Safe Browsing, PhishTank, URLhaus and ScamAdviser feeds plus 30+ scam TLD lists to flag domains already known to be malicious, which covers many Temu lookalike and reward-claim domains as they get reported.
- Layer 3 - AI deep scan (Premium): content analysis (via our proxy) reads a brand-new lookalike page in seconds, in 100+ languages, catching a fake Temu reward or refund screen that copies the real styling but sits on the wrong domain, before a known-bad list has even heard of it.
Honest scope: SafeBrowz flags the lookalike page before you enter anything, but it cannot reverse a card number you already typed into a fake page, so the 30-second app check above still matters.
Detection signatures come from threat-intelligence research and our internal brand database, not from user browsing data. SafeBrowz does not store per-user browsing history.
Where browser-layer defense fits
Carrier spam filters and the app store cannot catch everything. Many Temu phishing texts come from fresh numbers and point at brand-new domains that no blocklist has seen yet, and the fake reward or refund page is what actually does the damage. Browser-layer scanning catches that next step. When a Temu-styled page renders on a domain that is not temu.com, a brand-aware scanner flags the impersonation before the form loads. SafeBrowz is a free extension for Chrome, Firefox and Edge, plus a live Android app (Safari coming soon), that checks every URL against a 550+ brand database before it renders. Install SafeBrowz and pair it with the one rule that beats this whole category: reach Temu only by opening the app or typing temu.com yourself, never through a link a message sent you. If you are still unsure about a store, our guide on how to spot fake online store scams walks through the deeper checks.
Install SafeBrowz free
Add the browser extension, or the SafeBrowz Android app, that runs every check in this article automatically, on every page, before it renders. Free forever, with optional Premium AI deep scan at $14.99 per year.
Frequently asked questions
Is the Temu order or package text real or a scam?
It depends, and you should never decide from the text itself. Temu does send genuine order and shipping updates, but a message that asks you to pay a delivery or customs fee, confirm your card, or enter your password through a link is almost always phishing. Do not tap anything. Open the Temu app or type temu.com yourself, sign in, and check Your Orders. If a real delivery issue exists, it shows up there. If your orders look normal, the text was fake.
Did I really win a free Temu reward or gift card?
Almost certainly not. Temu does not text strangers cash prizes or gift cards, and it never charges a fee or asks for your card "to verify you are real" before releasing a free item. A reward you genuinely earned through a Temu promotion appears inside the Temu app, in your account, not on a linked page that asks for payment. Treat any unsolicited "you won a Temu reward" text as a scam.
What is Temu's real website and email domain?
The official Temu website is temu.com, and the Temu app is the safest place to manage orders. Temu's genuine emails come from the temuemail.com domain. But domains and sender names can be imitated, so never decide a message is safe just because it shows the Temu name. A link to a lookalike such as temu-rewards or temu-refund-center on an unusual ending is fake. Open the app or type temu.com yourself instead.
How do I tell a fake Temu link from the real site?
Look at the domain. Real Temu pages live on temu.com. A link to a lookalike such as temu-rewards, temu-delivery-update, or temu-refund-center followed by a different ending is fake. If the link is shortened, expand it before tapping. Even a perfect-looking Temu page is fake if the address bar does not read temu.com. When in doubt, do not open the link at all, open the Temu app and check Your Orders.
I tapped the link and entered my card or password. What do I do first?
If you entered card details, call your bank immediately to report the card and dispute any charge. Change your Temu password by going directly to the app or temu.com, not through any link in the text, and reset that password anywhere else you reused it. Turn on two-step verification, remove any account or payment detail you did not add, and review recent orders. If you entered an SSN, treat it as identity-theft exposure and consider a credit freeze.
How do I report a fake Temu text?
Report the phishing message through the Help Center in the Temu app or at temu.com so Temu can pursue takedowns. Forward the text to 7726 (SPAM) to alert the carriers, and report the scam to the FTC at reportfraud.ftc.gov and the BBB Scam Tracker at bbb.org. In the US, file with the FBI at ic3.gov if you lost money or had an account taken over. Then delete the text without tapping anything in it.
Related SafeBrowz coverage
- DHL package tracking text scam: the fake delivery fee that steals your card
- Fake online store scams: how to spot a bogus shop in 2026
- Fake "Shop" app order callback scam: the bogus charge that gets you to call
- World Cup 2026 giveaway and prize scams: the free-ticket trap
- Amazon account verification email scam: is it real or phishing?
- How to tell if a website is a scam
Bottom line: Temu does send real order updates, so "is this Temu text real" is never a yes-or-no you read off the message. A text that wants a fee, your card, your password, or that sends you anywhere but temu.com is the fake pattern, and the Temu name in a link proves nothing. Ignore the link, open the Temu app or type temu.com yourself, and check Your Orders. Put SafeBrowz on your browser so the fake Temu reward or refund page never loads in the first place.