Citizen Reporter
2 minute read
2 Dec 2021
9:36 pm

Cybersecurity researchers warn of delivery scams following Black Friday

Citizen Reporter

According to Pinnock, nearly 50,000 emails have been sent to unsuspecting customers impersonating well known delivery companies.

Picture: iStock

Cybersecurity researchers are urging consumers to be on the lookout for delivery scams following Black Friday and Cyber Monday.

This after Mimecast’s threat hunting team detected malicious emails and spoofed web pages impersonating well-known delivery companies in South Africa, such as EPX.

These scams aim to steal financial information from South Africans, under the guise of paying delivery fees for packages.

According to Brian Pinnock, cybersecurity expert at Mimecast, cybercriminals are capitalising on higher delivery volumes during the end-of-year shopping season by imitating trusted courier and delivery companies.

“Tens of thousands of emails are being sent to consumers in the hope that they will bite. Once they click on the link provided in the email, consumers are redirected to a web page where they are asked to pay a small fee for their package to be delivered. Once they enter their credit card details, they have handed their financial information over to the criminals,” said Pinnock.

“With so many presents being sent at this time of the year, it’s hard for the receiver to know whether the package has been sent by a loved one, so it’s an easy way to trick people. The fee is small, so they don’t mind making the payment.”

According to Pinnock, nearly 50,000 emails have been sent to unsuspecting customers impersonating well known delivery companies.

“The growing popularity of online shopping in South Africa and ongoing disruption from the pandemic is creating fertile ground for threat actors to subvert the brands of well-known delivery companies in the service of cybercrime,” said Pinnock.

He called on customers to exercise caution when clicking on links in emails, especially those that require some form of payment.

In a statement on Thursday, DHL clarified that it only collects money due for official DHL related shipping expenses, further saying it will not be held responsible for any costs improperly incurred as a result of fraudulent activity.

ALSO READ: Phishing alert: Don’t fall for these scams

Indicators of a fraudulent email, as advised by DHL:

  • Official DHL communication is always sent from,,, or another country domain after @dhl.
  • DHL never uses @gmail, @yahoo or other free email services to send emails.
  • They never link to a website other than their own starting with for example,, or a country/campaign website

For smses:

  • SMS Scams often include a shortened URL e.g. starting with to obfuscate the final destination of the link.
  • The sender number is not visible, instead you find a generic name such as “Delivery”.
  • The phone number starts with aa country prefix outside of an expected territory (e.g. +235).