The infrastructure behind the scam
These texts don't come from a teenager in a garage with a burner phone. Behind a professional SMS phishing campaign lies an industrial infrastructure.
The bulk-sending servers are generally hosted outside the European Union — Ukraine, Moldova, some South-East Asian countries — which complicates judicial cooperation. Sender numbers are burner numbers refreshed every hour to evade blacklists. The fraudulent web pages are hosted on domains registered 24 to 48 hours before the campaign, often via unscrupulous registrars.
The total cost of a turnkey campaign — server, numbers, domain, cloned page — is estimated at between €150 and €300. With a 2% click rate on 100,000 texts sent, and a 10% conversion rate (bank details entered), the return on investment is massive.
The phishing page
The fake page impersonates DHL, La Poste, Colissimo or Chronopost with unsettling accuracy: the right logos, the right brand colours, sometimes even a delivery progress bar and a randomly generated but convincingly formatted tracking number.
The request is for €1.99 in 'customs fees' or 'redelivery fees'. The amount is deliberately low — it doesn't trigger the psychological alarm that accompanies a significant transaction.
The goal isn't those €2. It's your 16-digit card number, expiry date, and the CVV on the back. With these three pieces of information, your card can be charged on any online payment service.
What happens next
Within hours of entry, your card is 'tested': micro-transactions of €0.01 to €0.50 on platforms that accept payments without strong authentication (some subscription services, tips, donations).
Once the card is validated as active, larger purchases follow. The preferred technique: buying Steam, Amazon or Google Play gift cards, which can be converted to cash on secondary markets within minutes and leave no direct banking trail.
Recovering your money through a chargeback takes an average of 3 to 6 months. Your bank will almost certainly refund you — but only if you dispute the transactions within the time limit (13 months maximum for payments in France).
How to stop falling for it
Four simple rules that eliminate 95% of the risk:
- Never click a delivery SMS link — go directly to the official carrier website (laposte.fr, dhl.fr) and manually enter the tracking number received from the seller.
- Check the URL before entering anything: 'laposte-colis-paiement.com' or 'colissimo-fr.net' are not La Poste. The legitimate URL is always laposte.fr.
- Real carriers never ask for a bank card via SMS for a delivery — this is an absolute fraud marker.
- Report the SMS to 33700 (France's national anti-smishing platform run by GSMA) — this helps take down fraudulent numbers faster.
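The URL check in the second rule can be automated. The Python below is an added example, not code from any carrier or filtering product: it pulls the host out of each link in an SMS and treats it as official only on an exact or subdomain match with laposte.fr or dhl.fr. The function names and the sample message are constructed for the illustration.

```python
import re
from urllib.parse import urlsplit

# Official domains named in the article; BRANDS are the carriers it says are impersonated.
OFFICIAL_DOMAINS = ("laposte.fr", "dhl.fr")
BRANDS = ("laposte", "colissimo", "chronopost", "dhl")

def extract_hosts(sms):
    """Return the hostname of every link-like token in an SMS body."""
    hosts = []
    for token in sms.split():
        token = token.strip(".,;:!?()'\"")
        if "." not in token:
            continue
        if not re.match(r"https?://", token, re.I):
            token = "http://" + token  # bare domains are common in SMS
        try:
            # .hostname drops userinfo and port: "laposte.fr@pay.example" yields pay.example
            host = (urlsplit(token).hostname or "").rstrip(".")
        except ValueError:
            continue
        tld = host.rsplit(".", 1)[-1]
        if host and len(tld) >= 2 and tld.isalpha():  # skips amounts such as 1.99
            hosts.append(host)
    return hosts

def classify(host):
    """'official' only on an exact match or a dot-boundary suffix match."""
    host = host.lower().rstrip(".")
    if any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS):
        return "official"
    if any(b in host.replace("-", "") for b in BRANDS):
        return "lookalike"  # carrier name on a domain the carrier does not own
    return "unknown"        # not official either: do not enter card details

def check_sms(sms):
    """Return (host, verdict) for every link found in the message."""
    return [(h, classify(h)) for h in extract_hosts(sms)]

# Constructed sample message, not a real capture.
SAMPLE = "La Poste: parcel on hold. Pay 1.99 EUR at https://laposte-colis-paiement.com/suivi"

if __name__ == "__main__":
    for host, verdict in check_sms(SAMPLE):
        print(f"{host}: {verdict}")
```

The dot-boundary comparison is what matters: 'mylaposte.fr' and 'laposte.fr.suivi.example' both contain the official name yet belong to someone else, so a plain substring test would wrongly accept them.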
These scams persist because they exploit a perfectly plausible context — we all order parcels, and often have several on the way at once. Systematic vigilance on every link received by SMS, without exception, is the only real defence. A link in a delivery text: never click directly.