Pos Laju, J&T & Ninja Van Fake Delivery SMS: Malaysia's Most Common Phishing Scam
Fake delivery SMS impersonating Pos Laju, J&T Express, and Ninja Van are the most common inselaciune de tip phishing in Malaysia. Learn how to identify and avoid these scams.
Pos Laju, J&T & Ninja Van Fake Delivery SMS: Malaysia's Most Common Phishing Scam
It is Monday morning. You check telefonul tau and see an SMS:
"Pos Laju: Your parcel EY0298371MY could not be delivered. Reschedule delivery here: pos-laju-track.com/reschedule"
You have been waiting for an online order, so you click. The page asks for your name, address, and a small "redelivery fee" of RM2.50 via card de credit. You enter your card details. Within hours, thousands of ringgit are charged to contul tau.
This scenario plays out thousands of times a week in Malaysia. Fake delivery SMS messages impersonating Pos Laju, J&T Express, Ninja Van, and other couriers have become the single most common phishing vector in the country.
Why Delivery Scams Work So Well in Malaysia
Malaysia's e-commerce boom means most people are expecting a parcel at any given time. The average Malaysian online shopper receives multiple deliveries per month. When you are actively waiting for a package, a "delivery notification" does not raise immediate suspicion.
Scammers also exploit the genuine frustration Malaysians feel with missed deliveries. A message about a failed delivery attempt triggers urgency — you need to reschedule before the parcel gets returned.
The Common Variants
Variant 1: The Redelivery Fee
"Your parcel could not be delivered. Pay RM1.50 redelivery fee: [link]"
The link leads to a fake payment page that captures your credit or card de debit information. The small amount (RM1.50 to RM3) makes it seem legitimate and not worth questioning.
Variant 2: The Customs Fee
"J&T Express: Your international parcel is held at customs. Pay RM45 clearance fee to release: [link]"
This targets Malaysians who order from overseas platforms like AliExpress or Taobao. The "customs fee" is just the entry point for stealing your payment credentials.
Variant 3: The Address Update
"Ninja Van: Delivery failed — incorrect address. Update your address here: [link]"
The link requests your full informatii personale: name, IC number, phone number, and address. This data is then used for identity fraud or sold on underground markets.
Variant 4: The Tracking Link Malware
"Your parcel status has changed. Track here: [link]"
Instead of a phishing page, the link triggers a malware download — particularly on Android devices. The malware can intercept SMS messages (including banking TACs), steal saved passwords, and monitor your activity.
Cum sa identifici Fake Delivery SMS
| Check | Legitimate | Scam |
|---|---|---|
| Sender | Official shortcode or verified sender | Random phone number or generic sender |
| URL | pos.com.my, jtexpress.my, ninjavan.co | Misspelled or unrelated domains |
| Request | Never asks for payment via SMS link | Requests payment or personal info |
| Tracking number | Matches your actual order | Generic or fake number |
| Grammar | Professional language | Often contains errors |
| Urgency | Standard notification | "Act within 24 hours" pressure |
Official Tracking Websites
Verifica intotdeauna parcel status through official channels:
| Courier | Official Website |
|---|---|
| Pos Laju | www.pos.com.my |
| J&T Express | www.jtexpress.my |
| Ninja Van | www.ninjavan.co/my-en |
| DHL eCommerce | www.dhl.com/my-en |
| GD Express | www.gdexpress.com |
Never click links in SMS messages. Instead, open the courier's official app or website and enter the tracking number manually.
What Happens After You Click
If you have clicked a suspicious link and entered information, the consequences depend on what you shared:
If You Entered Credit/Card de Debit Details
- Call your bank immediately to block the card.
- Request a replacement card with a new number.
- Review recent transactions for unauthorized charges.
- File a dispute for any fraudulent transactions.
If You Entered Informatii Personale
- Monitor your CCRIS report for unauthorized credit applications.
- Check with your telco for unauthorized SIM changes.
- Enable alerts on all financial accounts.
- Lodge a police report — this creates a record in case of future identity fraud.
If You Downloaded a File (Android)
- Enable airplane mode immediately to stop data transmission.
- Do not enter any passwords or open banking apps.
- Factory reset dispozitivul tau — this is the safest way to remove mobile malware.
- Change all passwords from a different, clean device before restoring telefonul tau.
Protecting Yourself Going Forward
Phone Settings
- Block unknown senders: Both iPhone and Android allow you to filter messages from unknown numbers.
- Enable spam filtering: Apps like Truecaller can identify and block known scam numbers.
- Keep your OS updated: Security patches address vulnerabilities exploited by malware.
Shopping Habits
- Use in-app tracking: Track your parcels through the Shopee, Lazada, or seller's official app rather than clicking external links.
- Save courier tracking pages as bookmarks so you always go to the real site.
- Be extra cautious during sale periods (11.11, 12.12, CNY sales) when scammers know most people are expecting parcels.
Sharing Delivery Information
When sharing tracking numbers, delivery addresses, or order details with others — especially for group purchases or office deliveries — avoid sending them in unprotected messages. A tool like LOCK.PUB lets you share this information through expiring, protejat cu parola links, keeping your delivery details out of permanent chat histories.
Reporting Delivery Scams
Help protect other Malaysians by reporting scam messages:
- Forward the SMS to MCMC at 7726 (SPAM).
- Report to CCID Scam Response Center at 03-2610 1559.
- Check and report at semakmule.rmp.gov.my — PDRM's database for checking scam numbers.
- Report the URL to Google Safe Browsing or your browser's phishing report function.
Amploarea problemei
MCMC receives tens of thousands of scam SMS reports monthly, with delivery-related phishing consistently being the top category. The problem persists because the barrier to entry for scammers is incredibly low: bulk SMS services cost pennies per message, phishing page templates are freely available, and the hit rate is high enough to be profitable.
Until stronger SMS verification systems are implemented at the telco level, the most effective defence is awareness. If you did not specifically request a delivery notification, treat any SMS with a link as suspicious.
Stay safe from phishing. Protect and share your informatii sensibile securely at LOCK.PUB.
Keywords
You might also like
Fake InPost SMS Scams: Cum sa identifici Phishing Paczkomat Notifications in Poland
Fake InPost and Paczkomat SMS messages are the most common atac de phishing in Poland. Learn how to identify fake delivery notifications and protect banii tai.
PostNL and DHL Fake Delivery SMS: Cum sa identifici Phishing in the Netherlands
Learn how to identify fake PostNL and DHL delivery notifications that install banking trojans. The most common atac de phishing in the Netherlands explained.
Diia App Phishing in Ukraine: Cum escrocii Exploit Digital Government Services
Learn how atac de phishings target Diia (Дія) app users in Ukraine, from fake government notifications to digital document theft. Complete protection guide for Ukrainian digital ID users.
Create your password-protected link now
Create password-protected links, secret memos, and encrypted chats for free.
Get Started Free