Crime

Home » News » South Africa » Crime

Avatar photo

By Citizen Reporter

Journalist

3 minute read

2 Dec 2021

09:36 pm

Cybersecurity researchers warn of delivery scams following Black Friday

According to Pinnock, nearly 50,000 emails have been sent to unsuspecting customers impersonating well known delivery companies.

Cybersecurity researchers warn of delivery scams following Black Friday

Picture: iStock

Cybersecurity researchers are urging consumers to be on the lookout for delivery scams following Black Friday and Cyber Monday.

This after Mimecast’s threat hunting team detected malicious emails and spoofed web pages impersonating well-known delivery companies in South Africa, such as EPX.

These scams aim to steal financial information from South Africans, under the guise of paying delivery fees for packages.

According to Brian Pinnock, cybersecurity expert at Mimecast, cybercriminals are capitalising on higher delivery volumes during the end-of-year shopping season by imitating trusted courier and delivery companies.

“Tens of thousands of emails are being sent to consumers in the hope that they will bite. Once they click on the link provided in the email, consumers are redirected to a web page where they are asked to pay a small fee for their package to be delivered. Once they enter their credit card details, they have handed their financial information over to the criminals,” said Pinnock.

Top digital scams that impacted South Africa during lockdown

“With so many presents being sent at this time of the year, it’s hard for the receiver to know whether the package has been sent by a loved one, so it’s an easy way to trick people. The fee is small, so they don’t mind making the payment.”

According to Pinnock, nearly 50,000 emails have been sent to unsuspecting customers impersonating well known delivery companies.

“The growing popularity of online shopping in South Africa and ongoing disruption from the pandemic is creating fertile ground for threat actors to subvert the brands of well-known delivery companies in the service of cybercrime,” said Pinnock.

He called on customers to exercise caution when clicking on links in emails, especially those that require some form of payment.

In a statement on Thursday, DHL clarified that it only collects money due for official DHL related shipping expenses, further saying it will not be held responsible for any costs improperly incurred as a result of fraudulent activity.

ALSO READ: Phishing alert: Don’t fall for these scams

Indicators of a fraudulent email, as advised by DHL:

  • Official DHL communication is always sent from @dhl.com, @dpdhl.com, @dhl.de, @dhl.fr or another country domain after @dhl.
  • DHL never uses @gmail, @yahoo or other free email services to send emails.
  • They never link to a website other than their own starting with for example https://dhl.com/, https://dpdhl.com/, or a country/campaign website

For smses:

  • SMS Scams often include a shortened URL e.g. starting with https://bit.ly/ to obfuscate the final destination of the link.
  • The sender number is not visible, instead you find a generic name such as “Delivery”.
  • The phone number starts with aa country prefix outside of an expected territory (e.g. +235).

Read more on these topics

Black Friday

Catch up with the latest news from The Citizen on WhatsApp by following our channel. Click here to join.

EDITOR'S CHOICE

Elections New poll shows support for ANC close to 40% a month before elections
Politics Bye bye parliament? MK party comrades sent packing weeks before national elections
Local Soccer Mokwena unsure of Sundowns future after Champions League exit
Courts Here’s why Electoral Court overturned IEC’s decision to bar Zuma’s candidacy
South Africa Eskom predicts stage 2 load shedding over winter, stage 5 in worst-case scenario

Click here to get The Citizen news and updates on Whatsapp.

Find out more

RELATED ARTICLES

Access premium news and stories

Access to the top content, vouchers and other member only benefits

Subscribe