Delivery payment fraud

People are receiving phishing e-mail messages with requests for payments for a package delivery, with links to a fake postal service website for making the payment.

Scammers are taking advantage of the situation to solicit random people with e-mail messages asking them to pay a small extra amount, typically just a few bucks, to complete a delivery. The message makes it impossible to identify the parcel; the scammers are clearly counting on people to be overwhelmed or absent-minded, in a rush or simply curious. The recipient is pointed toward a fake postal service website where they can make the payment.

Message from a delivery service

The scam begins with an e-mail notification that appears to come from a well-known delivery service. The messages are sent out in various languages, and the names of the postal services with which the messages purportedly originated vary according to region. The imitations aren’t perfect: Among their other red flags, all of the phishing samples we reviewed were sent from random addresses unrelated to any of the official postal service e-mail addresses.

Phishing e-mail messages in multiple languages appearing to come from various well-known postal services.

Мошеннические письма на нескольких языках от имени различных почтовых служб

According to the notification, an order could not be delivered because of an incorrect address, extra charges for unforeseen expenses, or some other vaguely plausible reason.

Phishing e-mails that look like messages from a postal service asking the recipient to pay extra for parcel delivery.

Мошенническое письма, имитирующее сообщения от почтовой службы, с просьбой доплатить за доставку посылки

The recipient is then asked to pay a small amount (not exceeding €3), supposedly to ensure delivery. The senders provide a link to what looks like a delivery service website but is actually a phishing page.

Users who fall for the trick click the link, go directly to the payment page, enter personal information and bank card details as requested, and finally provide a verification code from a text message.

On the fake website, users are asked to enter some personal information, bank card details, and finally, a code from a text message to verify the transaction.

How to keep your cash safe

Protecting your funds from scammers is absolutely within your reach. Follow these few basic rules of digital hygiene to keep your money for yourself:

  • Keep basic track of your deliveries. If you place so many orders that you cannot remember them all, keep a running file or jot down a list of orders you have outstanding.
  • Avoid clicking on links in e-mails, particularly if you’re not entirely sure they’re legit, and never enter personal or payment details on a page that opens from such a link.
  • In case of doubt, contact the delivery service over the phone to find out what is going on. You can also find a parcel’s tracking number in the order or shipment confirmation and check the delivery status on the service’s official website.
  • Install a reliable antivirus solution with protection from phishing and online fraud.

Author: Tatyana Shcherbakova.


a demo

We are sure there is nothing better than solving the real-world issues. Get in touch with us.

Get in touch