Cybersecurity company Mimecast has warned consumers to be on the lookout for a clever online shopping delivery scam in South Africa that could expose their credit card details to fraudsters.
The company’s threat hunting team recently detected malicious emails and spoofed web pages impersonating well-known courier and delivery companies.
These emails convince South Africans to hand over their credit card or banking information under the guise of paying delivery fees for packages.
According to Brian Pinnock, a cybersecurity expert at Mimecast, cybercriminals are capitalising on higher delivery volumes during the end-of-year shopping season, with many people awaiting their Black Friday or Christmas deliveries.
“Tens of thousands of emails are being sent to consumers in the hope that they will bite,” Pinnock explained.
“Once they click on the link provided in the email, consumers are redirected to a web page where they are asked to pay a small fee for their package to be delivered.”
“Once they enter their credit card details, they have handed their financial information over to the criminals,” Pinnock stated.
Mimecast said that two well-known delivery brands in South Africa had been impersonated in the campaign, with nearly 50,000 emails sent to unsuspecting consumers.
The images below show examples of the emails and phishing pages.
Pinnock said with many presents sent at this time of the year, it might be hard for receivers to know whether the package has been sent by a loved one, making it easy to trick them.
“The fee is small, so they don’t mind making the payment.”
This latest threat follows the discovery of another scam a few months ago that imitated the brands of national postal services in at least 26 countries, including the South African Post Office.
“The growing popularity of online shopping in South Africa and ongoing disruption from the pandemic is creating fertile ground for threat actors to subvert the brands of well-known delivery companies in the service of cybercrime,” said Pinnock.
He advised extreme caution when clicking on links in emails, especially when some form of payment is being requested.
Pinnock told eNCA that the conventional ways to spot a scam were no longer relevant.
“We used to say look out for brands or links that look ‘wrong’. Unfortunately, that advice is outdated now,” Pinnock said.
“Cybercriminals are very good at impersonating brands, the brands actually look incredibly realistic, and I wouldn’t rely on that to determine whether or not it’s a scam,” Pinnock said.
Among the red flags that consumers need to look out for are any surprising messages or charging an additional fee that they were not aware of when placing an order.
In addition, any sense of urgency expressed by the email should raise caution.
“If you see something that seems too urgent and is outside of the ordinary that you were expecting, rather phone the online retailer or whoever you are expecting the delivery from and confirm and put the numbers [tracking number and details provided in the email] through,” Pinnock said.
Pinnock added that delivery companies should also take additional steps to protect their customers.
These include deploying the DMARC (Domain-based Message Authentication, Reporting & Conformance) email protocol and brand exploit protection solutions that limit cybercriminals’ ability to imitate their brands.
