The Rise of “Fake Shipment Tracking” Scams in MEA

Cybersecurity researchers are raising concerns over a sharp increase in “fake shipment tracking” scams across the Middle East and Africa (MEA), driven by the rapid expansion of Phishing-as-a-Service (PhaaS) platforms.

According to new research by Group-IB, a leading cybersecurity firm specializing in digital crime prevention and investigation, cybercriminals are exploiting the growing reliance on parcel delivery services—now exceeding 161 billion shipments globally each year—to target unsuspecting users.

The report highlights a coordinated campaign leveraging Sender ID spoofing and real-time keylogging to steal sensitive data, including personal information, banking credentials, and one-time passwords (OTPs), from individuals awaiting deliveries.

How the Scam Works

The attack typically begins with a fraudulent SMS claiming a failed delivery or returned package. Victims are prompted to update their address details or pay a small fee via a malicious link.

Once clicked, the link leads to a highly convincing phishing page designed to mimic legitimate courier websites. Researchers identified several advanced techniques used in these attacks, including:

• Real-time data theft using WebSockets to capture keystrokes such as card numbers, CVV codes, and OTPs as they are entered
• Shared infrastructure linked to the Darcula platform, which provides over 20,000 fake domains and 200 phishing templates
• Sender ID spoofing, allowing fraudulent messages to appear within legitimate SMS threads from trusted delivery providers

Growing Regional Threat

While the scam is global, the MEA region has experienced a notable surge in activity between December 2025 and February 2026, with Egypt and South Africa among the most affected countries.

Researchers note that the widespread use of e-commerce and delivery services has made this one of the most prevalent phishing schemes in the region. The most targeted sectors include:

• Postal and delivery services
• Financial services
• Telecommunications
• Mobility and e-commerce platforms

Recommendations for Protection

Experts emphasize that awareness is the first line of defense against such scams.

For individuals:

• Avoid clicking on tracking links received via SMS or messaging apps; instead, visit official courier websites directly
• Verify the sender’s authenticity, as legitimate companies do not use random phone numbers or personal emails
• Be cautious of urgent payment requests, which are a common phishing tactic
• Watch for suspicious domain extensions such as .xyz, .sbs, .top, and .click
• Report suspicious messages to relevant authorities

For businesses:

• Raise public awareness through regular security alerts
• Strengthen email security using protocols such as DMARC, SPF, and DKIM
• Offer official verification tools for tracking and communication channels
• Proactively monitor and remove fraudulent domains impersonating their brands

A Growing Cybersecurity Challenge

The report underscores that as digital services become increasingly embedded in daily life, cybercriminals continue to evolve their tactics. The rise of phishing-as-a-service is lowering the barrier to entry for attackers, making scams like fake shipment tracking more widespread and harder to detect—posing a growing threat to both individuals and organizations across the MEA region.