This screenshot shows a phishing page impersonating a delivery service (likely Saudi Post or a local courier), targeting Arabic‑speaking users. It uses a small fee (6 SAR) as a pretext to collect full name, full card details, and CVV.
Threat Analysis: Delivery Service Phishing – Small Fee & Card Harvesting
How it works:
The victim receives an SMS or email claiming a package requires a shipping fee. The link leads to this page, which displays:
- A fake tracking number
- A small amount (6 SAR)
- Fields for full name, card number, expiration date, and CVV
The goal:
The attacker captures full credit/debit card information (number, expiry, CVV) along with the victim’s name, enabling fraudulent transactions.
Red flags:
- Suspicious URL: The page is hosted on a domain that is not the official courier’s website.
- Request for CVV for a small shipping fee: Legitimate couriers do not ask for your card security code to collect a delivery fee.
- Small fee trick: 6 SAR is a trivial amount intended to lower suspicion.
- Fake tracking number: The tracking number cannot be verified on the official postal website.
- No personalization: The message does not reference an actual package or address.
What to do:
- Do not enter any personal or card information.
- If you are expecting a delivery, track it directly on the official courier website using your real tracking number.
- If you have already entered card details, contact your bank immediately to block the card.
Protective measures:
- Never click links in unsolicited delivery messages. Always go directly to the official courier site.
- Never pay a “redelivery fee” via a link. Legitimate fees are handled through official portals or in person.
- Enable transaction alerts on your bank account.