Aramex delivery fake tracking page in Arabic revealed

Posted byAnti-phishing Leave a comment on Aramex delivery fake tracking page in Arabic revealed

Security Notice: This deceptive layout was logged, cross-checked, and neutralized firsthand by the Antiphishing.biz security team during our automated link scanning workflows. To protect the public, the phishing source domain has been completely disabled within our infrastructure. We document and analyze these live visual patterns to help security researchers and users spot lookalike phishing methods before financial damage occurs.

Actual screenshot of "Aramex delivery fake tracking page in Arabic revealed" phishing interface captured during link moderation on our platform.
Figure 1: Live screenshot of the live scam infrastructure captured during routine moderation.

This screenshot shows a phishing page impersonating a delivery service (likely Saudi Post or a local courier), targeting Arabic‑speaking users. It uses a small fee (6 SAR) as a pretext to collect full name, full card details, and CVV.

Threat Analysis: Delivery Service Phishing – Small Fee & Card Harvesting

How it works:
The victim receives an SMS or email claiming a package requires a shipping fee. The link leads to this page, which displays:

  • A fake tracking number
  • A small amount (6 SAR)
  • Fields for full name, card number, expiration date, and CVV

The goal:
The attacker captures full credit/debit card information (number, expiry, CVV) along with the victim’s name, enabling fraudulent transactions.

Red flags:

  • Suspicious URL: The page is hosted on a domain that is not the official courier’s website.
  • Request for CVV for a small shipping fee: Legitimate couriers do not ask for your card security code to collect a delivery fee.
  • Small fee trick: 6 SAR is a trivial amount intended to lower suspicion.
  • Fake tracking number: The tracking number cannot be verified on the official postal website.
  • No personalization: The message does not reference an actual package or address.

What to do:

  • Do not enter any personal or card information.
  • If you are expecting a delivery, track it directly on the official courier website using your real tracking number.
  • If you have already entered card details, contact your bank immediately to block the card.

Protective measures:

  • Never click links in unsolicited delivery messages. Always go directly to the official courier site.
  • Never pay a “redelivery fee” via a link. Legitimate fees are handled through official portals or in person.
  • Enable transaction alerts on your bank account.

Leave a comment

Your email address will not be published. Required fields are marked *