Fraudsters Exploit Temu, Shein Boom in South Africa With Sophisticated SMS Scams
Fraudsters are exploiting the surge in popularity of Chinese e-commerce platforms Temu and Shein in South Africa, using sophisticated SMS phishing scams that mimic legitimate courier notifications to harvest credit card details from unsuspecting consumers.
The scams, which demand a nominal ZAR 19.00 (approximately USD 1.00) payment for parcel release, have proliferated as South Africans increasingly shop on these budget-friendly platforms, according to banking officials monitoring the rising tide of digital fraud.
Background and Context
The fraudulent scheme capitalises on the daily flood of legitimate delivery notifications from Buffalo Logistics, the primary courier service for both Temu and Shein in South Africa. As these platforms have gained explosive traction in the country's price-sensitive market, criminals have "hooked onto" the routine delivery updates that South Africans have come to expect, explains Nick Harris, Head of Financial Crime at Capitec bank.
In an interview with Cape Talk, Harris described how the scam messages typically read: "Your parcel's ready for delivery, you just need to make payment." The modest ZAR 19.00 demand is strategically calculated—small enough to avoid immediate suspicion while remaining plausible as a genuine courier fee. Among legitimate delivery notifications, a single fraudulent message can easily go unnoticed.
Key Figures and Entities
Banking officials have been at the forefront of exposing these schemes. Nick Harris of Capitec has warned consumers that clicking the provided links doesn't pay courier fees but rather harvests credit card information for subsequent card-not-present fraud. Meanwhile, Standard Bank flagged a similar scam in July 2025 involving fake Financial Intelligence Centre Act (FICA) compliance messages.
The Standard Bank scam warned recipients: "Your Standard Bank account is scheduled to be blocked in 2hrs due to fica failure update. Please update your profile to avoid this." The bank confirmed this was not official communication and identified the linked website as a convincing spoof designed to capture sensitive financial information.
Security experts like Bonolo Sebolai, Head of Fraud at TymeBank, have also highlighted the growing sophistication of these attacks, particularly the emergence of Remote Access Trojan (RAT) scams, where criminals gain live access to victims' devices. Sebolai described RAT scams as "particularly dangerous because the criminal uses the customer's own device at the same time as the customer."
Legal and Financial Mechanisms
The phishing attacks exploit several psychological and technical vulnerabilities. By impersonating trusted entities—couriers for delivery updates or banks for regulatory compliance—the fraudsters leverage social engineering to bypass natural skepticism. The small monetary demand of ZAR 19.00 creates a low barrier for compliance, as most consumers would readily pay such an amount without extensive verification.
Financially, once criminals obtain credit card details through these schemes, they can engage in card-not-present fraud, making unauthorized purchases online without needing the physical card. This type of fraud has become increasingly prevalent as digital commerce expands globally.
The FICA-related scams exploit specific South African regulatory requirements. The Financial Intelligence Centre Act mandates that financial institutions verify customer identities, and fraudsters use this legitimate regulatory framework as leverage, creating urgency by threatening account suspension.
International Implications and Policy Response
These scams reflect a broader global trend of increasing digital fraud targeting consumers through mobile channels. According to Truecaller, fraud incidents in South Africa rose 32% year-on-year during the recent festive season, with criminals exploiting high volumes of transactions, community savings fund (stokvel) payouts, and parcel deliveries.
The situation highlights significant challenges for regulatory bodies and financial institutions in combating increasingly sophisticated fraud techniques. While South African banks have implemented various security measures, the rapid evolution of social engineering tactics requires continuous adaptation and public education.
Security experts emphasize that no legitimate bank or courier service will request card details via SMS links. Consumers are advised to never click links in unsolicited messages and instead navigate directly to official websites or applications to verify any delivery or account issues.
Sources
This report draws on statements from banking officials at Capitec, Standard Bank, and TymeBank, interviews with Cape Talk radio, and fraud statistics reported by Truecaller. Information about specific scam messages and security recommendations comes from public warnings issued by South African financial institutions.
