Skip to main content


Fraudulent email example detected by Kaspersky

Cybercriminals are sending deceptive emails that appear to be from RAM courier service, falsely claiming that a package was not delivered due to pending customs fees. To create a sense of urgency, the email urges users to click on a provided link for further instructions. When users click on the link, they are redirected to a fraudulent website masquerading as a legitimate RAM courier service portal.

RAM_scam_Kaspersky_research2Fake RAM website asking for payment of shipping fees

Upon reaching the fraudulent website, victims are prompted to input their bank card credentials, providing cybercriminals with direct access to sensitive financial information. Falling prey to this scam exposes individuals to potential identity theft, financial fraud, and significant personal losses.


Users are asked for their bank card details

It’s important to note that the website and the email domains used by the scammers have no relation to RAM and are clearly fake.

“As technology continues to permeate all aspects of our lives, the use of courier services continues to grow and plays an important logistics role, especially for the eCommerce market. In fact, research highlights that in South Africa the Courier, Express and Parcel (CEP) market size is expected to grow from US$ 2203 million in 2020 to US$ 3508 million by 2027. The sad reality is that cybercriminals see this as an opportunity to exploit the market and customers using such services on a regular basis, trying to trick them with scam and phishing mails. And although our research has identified specific tactics using the RAM name, it should be noted that such scams do also use the names of other popular courier services and come in the form of SMS too, and not just email,” says Roman Dedenok, Spam Analysis Expert at Kaspersky. “When watching out for scam and phishing emails, pay attention to the emotional tone conveyed in the message. Scammers often try to evoke fear, excitement, or urgency, to manipulate recipients into taking impulsive actions. Take a step back and analyse how the email makes you feel. This can be key to identifying and avoiding phishing scams effectively.”

To stay safe and not fall victim to phishing, Kaspersky recommends:

  • Verify website authenticity: Before making any transactions or providing personal details, double-check the website's URL for secure connections (look for "https" and a padlock icon). Be wary of websites with slight misspellings or unusual domain names, as these may indicate fraudulent activity.
  • Pay careful attention before clicking on any links received in an email or via an SMS message, as these could be potential phishing links.
  • For businesses, implement protection at the mail gateway level to lessen the likelihood of corporate employees encountering phishing emails. Internet-facing devices need to be protected by an endpoint security solution.
  • Hold regular awareness training for employees on the latest cyberthreats, or, at the very least, regularly inform them of potential phishing scams.
  • Use a security solution: A trusted security solution, such as Kaspersky Premium, will protect you from all known and unknown forms of scams, including courier related phishing.

Package undelivered: Kaspersky warns of scams targeting courier service users in South Africa

Kaspersky experts have detected a wave in scams related to the RAM courier service in South Africa: fraudsters are employing deceptive tactics to trick unsuspecting users into divulging their financial information by claiming packages were undelivered due to unpaid customs fees. RAM is one of South Africa’s most popular courier services.
Kaspersky Logo