Fake Zajil Express page in Arabic detected

Analysis Memo: This spoofed page was logged, cross-checked, and neutralized firsthand by the Antiphishing.biz security team during our standard URL vetting operations. To protect the public, the hostile origin link has been completely disabled within our infrastructure. We document and analyze these live visual patterns to help security researchers and users recognize deceptive clone designs before financial damage occurs.

Figure 1: Verified screenshot of the active phishing operation captured during routine moderation.
Figure 2: Verified screenshot of the active phishing operation captured during routine moderation.

These two screenshots show a phishing campaign targeting Arabic‑speaking users, likely in Saudi Arabia (based on the country code, phone number format, and references). The scam impersonates a delivery or courier service (“zaiji-express”) and uses a fake delivery confirmation process to harvest personal information and full card details.


Threat Analysis: Delivery Service Phishing – Recipient Information & Card Data Harvesting

Step 1 – Personal Information Page (First Screenshot)
The victim is asked to “confirm recipient information” by providing:

  • First name and surname
  • Email address
  • Address

Step 2 – Card & Identity Details Page (Second Screenshot)
The victim is then asked for:

  • Postal code
  • Phone number
  • National ID or identity card number
  • Full card number
  • Expiration date (month/year)
  • CVV

A “Confirm” button submits the data.

The goal:
The attacker collects:

  • Personal information (name, address, email, phone) for identity theft
  • National ID number (a critical piece of identity in Saudi Arabia)
  • Full credit/debit card details (number, expiry, CVV) for fraudulent transactions

Red flags to watch for:

  • Suspicious URL: The pages are hosted on a domain that is not the official courier’s website. Legitimate delivery services use their own official domains.
  • Request for national ID and full card details together: No legitimate delivery service needs your national ID and card CVV to complete a delivery.
  • Fake company branding: The footer shows “zaiji-express” with a Saudi address and contact details. These may be fabricated or copied.
  • Unsolicited request: Delivery services do not send links asking for this level of personal and financial information.
  • No tracking number or package details: The victim is not given a way to verify the supposed shipment.
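
For analysts triaging submitted pages, the "national ID and full card details together" red flag can be checked mechanically. The sketch below is an added example, not Antiphishing.biz tooling: the keyword patterns, the sample form markup, and the host names (`courier.example`, `parcel-confirm.example`) are all constructed assumptions.

```python
import re
from html.parser import HTMLParser

# Assumed keyword patterns (English and Arabic). Order matters: a field called
# "identity card number" must count as an ID, not as a payment card.
PATTERNS = [
    ("national_id", re.compile(r"\b(national id|identity|id (number|card))\b|رقم الهوية")),
    ("cvv", re.compile(r"\b(cvv|cvc|csc)\b")),
    ("card_number", re.compile(r"\b(card|cc) ?(number|num|no)\b|رقم البطاقة")),
]
HINT_ATTRS = ("name", "id", "placeholder", "autocomplete", "aria-label")

# Constructed sample of a step-2 style form; not the real page's markup.
SAMPLE_FORM = """
<form method="post">
  <input name="zip"> <input name="phone">
  <input name="nid" placeholder="رقم الهوية">
  <input name="card_number" autocomplete="cc-number">
  <input name="cvv" maxlength="4">
</form>
"""

class FieldCollector(HTMLParser):
    # Collects normalized hint text (name, placeholder, ...) per form field.
    def __init__(self):
        super().__init__()
        self.fields = []

    def handle_starttag(self, tag, attrs):
        if tag in ("input", "select", "textarea"):
            values = dict(attrs)
            raw = " ".join(values.get(k) or "" for k in HINT_ATTRS)
            # Lowercase and turn punctuation/underscores into single spaces.
            self.fields.append(re.sub(r"[\W_]+", " ", raw.lower()).strip())

def classify_fields(html):
    # Return the set of sensitive data categories the form asks for.
    collector = FieldCollector()
    collector.feed(html)
    found = set()
    for text in collector.fields:
        for label, pattern in PATTERNS:
            if pattern.search(text):
                found.add(label)
                break  # first match wins: one category per field
    return found

def is_suspicious(html, page_host, official_hosts):
    # Flag ID + card number + CVV requested together on a non-official host.
    wanted = {"national_id", "card_number", "cvv"}
    return page_host.lower() not in official_hosts and wanted <= classify_fields(html)
```

A hit is a triage signal for a human reviewer, not a verdict; kits that split the fields across several pages need each page's results merged before the check.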

What to do if you encounter this:

  • Do not enter any personal information, national ID, or card details.
  • If you are expecting a delivery, track it directly on the official courier website using your tracking number.
  • If you have already entered card details, contact your bank immediately to block the card.
  • Report the phishing page to the legitimate courier being impersonated and to the relevant authorities.

Protective measures:

  • Never click links in unsolicited delivery messages. Always go directly to the official courier website.
  • Never provide your national ID or card CVV in response to a delivery notification.
  • Check the URL carefully: Look for misspellings, extra words, or unusual top‑level domains.
  • Enable two‑factor authentication on your bank account and email.
