Fake Shipment Tracking Scams - Surge in MEA Targeting Banks
Basically, scammers are tricking people into giving away their banking info by pretending to be delivery services.
A surge in fake shipment tracking scams is targeting individuals in the MEA region, stealing sensitive banking data. This scam exploits the trust people have in delivery services, leading to financial risks. Awareness and caution are key to staying safe.
What Happened
Every day, billions rely on postal and courier services for deliveries. This trust has become a target for cybercriminals, leading to a rise in fake shipment tracking scams. Victims receive urgent SMS messages claiming their package delivery failed. The message prompts them to click a link to update their address or pay a fee. This link directs them to a convincing fake courier website.
Once on the site, victims unknowingly provide personal information, banking credentials, and one-time passwords. Group-IB analysts have tracked a significant increase in these scams across the Middle East and Africa (MEA). Data from late 2025 to early 2026 shows Egypt was the most targeted, with 119 incidents reported, followed by South Africa, Ghana, and Kenya.
Who's Being Targeted
The postal services sector has been the most abused, with 115 confirmed cases. Other affected industries include financial services, telecommunications, and mobility platforms. The scams exploit the psychological pressure of expecting a delivery, making victims less cautious. People often overlook the legitimacy of messages about delayed parcels, increasing their vulnerability to these scams.
Signs of Infection
The fake websites are designed to mimic real courier services, particularly on mobile devices. Scammers use disposable domain extensions to host these sites, making them harder to trace. Group-IB’s analysis revealed that these scams utilize a phishing platform called Darcula, which offers thousands of counterfeit domains and templates.
What makes these scams particularly dangerous is the real-time credential theft. Embedded scripts on the phishing pages open a WebSocket connection to an attacker-controlled server as soon as a victim loads the page. This allows attackers to capture every keystroke, including sensitive information like card numbers and CVV codes, without the victim's knowledge.
How to Protect Yourself
To avoid falling victim to these scams, individuals should never click on tracking links sent via SMS. Instead, they should visit the official courier website and enter tracking numbers manually. Be wary of messages demanding immediate payments or address updates, as legitimate courier companies do not charge fees for redelivery.
Businesses can help by regularly alerting customers about phishing campaigns impersonating their brand. Implementing email authentication protocols like DMARC, DKIM, and SPF can prevent spoofed email messages. Partnering with mobile carriers to filter fraudulent SMS patterns and providing a verification tool for tracking messages can significantly reduce the risk of customer victimization.
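One way a courier could build the verification tool for tracking messages mentioned above, shown as an added example that is not part of the original article or any vendor's code. The official domain, brand token, risky-TLD list and urgency wording are constructed assumptions to be replaced with the brand's real values.

```python
import re
from urllib.parse import urlsplit

# Constructed assumptions: the brand's real domains, its name as it appears
# in lookalike hosts, and cheap TLDs the operator treats as high risk.
OFFICIAL_DOMAINS = {"courier.example"}
BRAND_TOKENS = {"courier"}
RISKY_TLDS = {"top", "xyz", "icu"}
# Only http(s) links are extracted; scheme-less links need a separate rule.
URL_RE = re.compile(r"""https?://[^\s<>"']+""", re.IGNORECASE)
URGENCY_RE = re.compile(r"\b(failed|fee|pay|update your address)\b", re.I)


def is_official(host):
    """True only for an official domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)


def check_host(host):
    """Return the reasons a hostname should not be trusted (empty if none)."""
    host = host.lower().rstrip(".")
    if is_official(host):
        return []
    reasons = ["not an official domain"]
    labels = host.split(".")
    if labels[-1] in RISKY_TLDS:
        reasons.append("risky TLD ." + labels[-1])
    if any(label.startswith("xn--") for label in labels):
        reasons.append("punycode label")
    if any(token in host for token in BRAND_TOKENS):
        reasons.append("brand name in unofficial host")
    return reasons


def verify_sms(text):
    """Return ('ok' | 'suspicious', {url: [reasons]}) for one SMS body."""
    findings = {}
    for url in URL_RE.findall(text):
        try:
            # .hostname ignores any "user@" prefix used to disguise the host
            host = urlsplit(url).hostname or ""
        except ValueError:
            host = ""  # unparseable link: treated as untrusted
        reasons = check_host(host)
        if reasons:
            findings[url] = reasons
    if findings and URGENCY_RE.search(text):
        for reasons in findings.values():
            reasons.append("urgent payment/address wording")
    return ("suspicious" if findings else "ok"), findings
```

The host comparison is an exact or dot-suffix match, so a lookalike that merely contains the official domain as a prefix or as URL userinfo is still reported.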
Cyber Security News