Kaspersky experts detected a wave of scams related to courier services in the Middle East, Turkiye, and Africa. Fraudsters are employing deceptive tactics to trick unsuspecting users into divulging their financial information by claiming packages were undelivered due to unpaid delivery fees. Emails are mimicking communication on behalf of courier services popular in Africa, Turkiye, and the Middle East.
Cybercriminals are sending deceptive emails that appear to be from the Aramex courier service, falsely claiming that a package can be delivered after paying a fee. To create a sense of urgency, the email urges users to click on a provided link for further instructions. When users click on the link, they are redirected to a fraudulent website masquerading as a legitimate courier service portal.
Upon reaching the fraudulent website, victims are prompted to input their bank card credentials, providing cybercriminals with direct access to sensitive financial information. Falling prey to this scam exposes individuals to potential identity theft, financial fraud, and significant personal losses.
“As technology continues to permeate all aspects of our lives, the use of courier services continues to grow and plays an important logistics role, especially for the eCommerce market. The sad reality is that cybercriminals see this as an opportunity to exploit the market and customers using such services on a regular basis, trying to trick them with scam and phishing mails,” says Roman Dedenok, Spam Analysis Expert at Kaspersky. “When watching out for scam and phishing emails, pay attention to the emotional tone conveyed in the message. Scammers often try to evoke fear, excitement, or urgency, to manipulate recipients into taking impulsive actions. Take a step back and analyze how the email makes you feel. This can be key to identifying and avoiding phishing scams effectively.”
To stay safe and not fall victim to phishing, Kaspersky recommends:
· Verify website authenticity: Before making any transactions or providing personal details, double-check the website's URL for secure connections (look for "https" and a padlock icon). Be wary of websites with slight misspellings or unusual domain names, as these may indicate fraudulent activity.
· Pay careful attention before clicking on any links received in an email or via an SMS message, as these could be potential phishing links.
· For businesses, implement protection at the mail gateway level to lessen the likelihood of corporate employees encountering phishing emails. Internet-facing devices need to be protected by an endpoint security solution.
· Hold regular awareness training for employees on the latest cyberthreats, or, at the very least, regularly inform them of potential phishing scams.
· Use a security solution: A trusted security solution, such as Kaspersky Premium, will protect you from all known and unknown forms of scams, including courier related phishing.