Across Russia, criminals have pretended to be staff from familiar delivery services to lure unsuspecting customers into traps. A major news outlet reported this trend, citing a consumer safety agency that monitors online fraud. Industry observers describe the tactic as surprisingly ordinary at first glance, which makes victims drop their guard just long enough for the scam to work. The same pattern has shown up in other regions as well, including Canada and the United States, underscoring a global thread in fraud where trusted brands are exploited to harvest personal data.
Investigators describe the technique in concrete terms. Attackers clone the official profiles of popular services such as SDEK, Sbermarket, Yandex Delivery and Delivery Club on the WhatsApp messenger. A message then claims that the customer’s order is ready for delivery, prompting the recipient to click a link to track it. The link leads to a counterfeit delivery site designed to collect sensitive information, including card numbers, the name on the account, and online banking passwords. In short, it is a phishing attack masquerading as a routine delivery update, crafted to blend into everyday messaging.
Another fraud variant tends to target older adults who may be less acquainted with digital security practices. Advisory voices stress a simple rule for everyone: avoid clicking on suspicious links, especially when a delivery notice arrives without any prior expectation. Security experts from consumer safety organizations warn that the danger is real and growing, urging households to discuss these schemes and adopt safer habits. Families can help by reviewing messages together, verifying the sender, and stepping back when something feels off.
Earlier, a major financial institution warned about a scheme that tries to steal funds by pushing a banking app update onto a user’s device. Such updates can hide malware or request permissions to access sensitive information, enabling criminals to drain balances or access accounts. Consumers are advised to obtain app updates only from official stores, and to scrutinize each requested permission, especially those relating to payment features or account access.
Previous advisories described practical steps to shield deposits from fraudsters. The guidance emphasizes confirming the origin of any delivery notification, using official apps, and enabling extra security features. It advocates skepticism toward unexpected prompts and checking with trusted channels, such as the bank, before taking action. For readers in Canada and the United States, the same principles apply: never share bank credentials, never enter data on unfamiliar pages, and rely on official channels for updates and payments. Maintaining alertness while monitoring bank activity, enabling alerts, and using password managers can add robust layers of protection. If something feels off, it is wise to pause and verify through a trusted contact or directly with the bank rather than rushing to approve a request.