Cyber security experts have warned the public about a growing cash-on-delivery (COD) scam in which fraudsters send unsolicited parcels to unsuspecting recipients and attempt to collect money through fake deliveries. The warning follows a recent case reported in Kerala, highlighting how cyber criminals are exploiting personal data such as residential addresses and mobile numbers to target victims.
Retail Supply Chain Infiltrations and Low-Value Logistics Traps
In the reported incident, an elderly couple received a parcel addressed to the woman, despite never placing any online order. The package was labelled as a face mask, but the couple refused to accept it after becoming suspicious. Before taking the parcel back, the delivery executive requested an OTP that had been sent to the recipient’s mobile phone. After the OTP was shared, the parcel was returned. Similar unsolicited delivery attempts continued over the following days, accompanied by suspicious calls originating from different cities.
Investigators found that all the parcels were sent as cash-on-delivery orders. According to police, fraudsters obtain victims’ addresses and phone numbers before dispatching low-value or worthless items such as old clothes, bricks or other inexpensive products. If recipients unknowingly accept the parcel and make the COD payment, the money is transferred to the scammers. In many cases, repeated delivery attempts are made to pressure victims into making a payment.
Registration Begins for FutureCrime Summit 2026, India’s Largest Cybercrime Conference
Courier Intermediary Exploitations and Automated QR Multipliers
Delivery personnel themselves are often unaware of the fraud because they are simply carrying out standard e-commerce delivery procedures. Payments are collected either in cash or through QR code transactions, making the scam appear like a legitimate online purchase.
The Future Crime Research Foundation has described fake COD parcel scams as a new form of social engineering in which cyber criminals exploit personal information to create a sense of legitimacy. The organisation advises consumers never to accept parcels they did not order, never share OTPs with unknown individuals, and never scan QR codes or make payments without first verifying the authenticity of the delivery. It also recommends maintaining a separate bank account with limited funds exclusively for online shopping to minimise financial losses in case of fraud.
Open Source Intelligence Harvester Mitigation and Public Registry Protections
Experts further advise people to avoid unnecessarily sharing personal information such as their mobile number and home address on public platforms. Any suspicious delivery, fraudulent call or payment request should be reported immediately to the National Cyber Crime Helpline (1930) or the National Cyber Crime Reporting Portal.
Cyber security experts believe that the rapid growth of e-commerce and digital payment platforms has also created new opportunities for fraudsters to exploit unsuspecting consumers. They emphasise that remaining cautious about unexpected deliveries, verifying every payment request and following basic cyber safety practices are the most effective ways to stay protected from emerging COD scams.
