As global reliance on e-commerce and postal services grows, cybercriminals have found new avenues to exploit. The latest tactic, known as the fake shipment tracking scam, has seen a significant increase in the Middle East and Africa (MEA) as reported by Group-IB analysts.
Understanding the Rise of Phishing Attacks
Postal services now cater to over 7.3 billion people worldwide, as highlighted in the 2024 Universal Postal Union report, with Statista noting 161 billion parcels shipped in 2022. This increasing dependency has opened doors for scams, with fake shipment notifications becoming a common technique used by cybercriminals.
Victims receive urgent SMS messages about undelivered packages, prompting them to click links to update their address or pay a small fee. These links redirect to convincing fake courier websites designed to harvest personal and banking information.
Targeted Regions and Sectors
Between December 2025 and February 2026, Egypt emerged as the primary target with 119 reported cases, followed by South Africa, Ghana, and Kenya. The postal sector suffered the most, accounting for 115 incidents, while financial services and telecommunications also faced significant threats.
Scammers leverage psychological tactics, exploiting the routine nature of delivery notifications, which often go unquestioned by recipients. The sophistication of these scams lies in their simplicity and the widespread mobile usage for accessing these links.
The Technical Sophistication of Scams
Cybercriminals employ a broad infrastructure, utilizing cheap domain extensions and shared IP addresses to facilitate these scams. The phishing pages contain embedded scripts that initiate a real-time data transfer to attacker-controlled servers once a victim engages with the site.
This setup allows for immediate capture of sensitive information, including card details and one-time passwords, without the victim’s knowledge. Additionally, the use of unique tokens for each session highlights the organized nature of these operations.
Prevention and Safety Measures
Individuals should be wary of SMS links and instead verify shipment details directly through official courier websites. Messages demanding prompt payment or address changes should be treated with suspicion, as legitimate companies do not charge for redelivery.
Businesses can mitigate risks by issuing regular alerts about phishing threats and implementing email authentication protocols like DMARC, DKIM, and SPF. Collaboration with mobile carriers to block fraudulent SMS patterns can further protect customers.
As these scams become more prevalent, staying informed and vigilant remains crucial. Report suspicious activities to local cybersecurity authorities and take proactive steps to safeguard personal information.
