Imagine receiving a text message about a package you are expecting. It includes your name and delivery reference, asking you to update your address or pay a small delivery fee. It looks legitimate—but it could be a scam.
That is the type of fraud cybercriminals could carry out if an alleged customer database belonging to Naqel Express, a Saudi Arabian logistics and delivery company, is authentic.
A threat actor claims to be selling the alleged database on a cybercrime forum commonly used to trade stolen information. According to the seller, it contains 146,366 records and is being offered for $250.
At the time of publication, there is no official confirmation that Naqel Express has experienced a data breach. The seller’s claims and any sample data have not been independently verified, so the incident should be treated as an unverified claim until confirmed by the company or relevant authorities.
The seller claims the database includes:
- Customer names
- Phone numbers
- GPS coordinates
- Delivery addresses
- Waybill numbers
- Delivery details
- Photos of some drivers
- Records reportedly linked to pharmaceutical shipments
If genuine, the data could be used to:
- Impersonate the delivery company.
- Launch convincing SMS phishing (smishing) campaigns.
- Use names and waybill numbers to make fraudulent messages appear legitimate.
- Identify precise delivery locations, including homes, businesses, warehouses, and pharmacies.
- Target people expecting medicine deliveries with convincing scam calls or messages.
- Support fraud, identity theft, and other social engineering attacks.
Although the asking price is only $250, the low cost could make the alleged database widely accessible to cybercriminals if it is authentic.
If confirmed, the incident could affect customers, businesses, pharmacies, healthcare providers, and delivery drivers. Organizations could also face phishing campaigns, customer fraud, reputational damage, operational disruption, and potential regulatory or legal consequences.
How to Protect Yourself
- Be cautious of unexpected calls, emails, or text messages requesting delivery updates, additional payments, one-time passwords (OTPs), or personal information.
- Check delivery status only through the company’s official website or mobile application, not through links in messages.
- Verify unusual requests directly with the company’s official customer support channels.
- Monitor your accounts for suspicious activity, avoid reusing passwords, and follow official company announcements for verified updates.
Whether this claim is ultimately confirmed or not, it highlights how logistics data can be exploited for phishing, fraud, identity theft, and other social engineering attacks, reinforcing the importance of verifying delivery-related communications through official channels.
