China is facing another massive cybercrime wave as authorities report that total losses from SMS phishing attacks have surpassed USD 1 billion in 2025 alone. The alarming figure highlights how simple yet sophisticated scams can exploit public trust in delivery and logistics services to devastating effect.
These deceptive messages typically impersonate shipping companies or transport authorities, complete with fake tracking links and urgent “package held” alerts. Once victims click the link, malicious websites or malware steal their personal data, banking credentials, and sometimes even biometric information.
A Simple Message, a Catastrophic Outcome
Known locally as “delivery scams,” these phishing campaigns rely on psychological pressure and familiarity. Victims are told that their package is pending payment of a small fee or verification. Clicking the link directs them to a fake website that mirrors official logistics portals, tricking them into entering personal details — names, addresses, card numbers, and even OTP codes.
Cybersecurity authorities, including China’s Cyberspace Administration (CAC), estimate that more than six million citizens have been targeted, with average individual losses between USD 150 and USD 300. Despite efforts by telecom operators to block suspicious numbers, criminals continue to evolve their techniques, using automation tools and localized language to make the scams more convincing.
An Asian-Wide Concern, Not Just a Chinese Problem
The phishing epidemic has quickly spread beyond China’s borders. Similar attacks have been reported across Indonesia, Singapore, and Malaysia, often mimicking local courier or banking notifications.
In Indonesia, “delivery-related phishing” has become one of the most frequently reported cybercrime cases since 2023, fueled by the explosive growth of e-commerce and heavy reliance on mobile communication. Many victims fall prey simply because they fail to verify the authenticity of a message — especially when the text creates a sense of urgency, such as “your parcel will be returned within 24 hours unless confirmed.”
From SMS to Deepfake Voice Scams and Fake Apps
Phishing in China has also evolved beyond text messages. Reports from TechNode Asia reveal that fraudsters are now leveraging AI-generated voices to impersonate customer-service agents, adding a dangerous layer of credibility. Others have distributed fake delivery apps disguised as legitimate software, capable of harvesting sensitive data once installed.
These developments underline a key truth: cybercrime evolves at the same speed as digital innovation. Every new layer of convenience — from mobile banking to facial recognition — introduces new vulnerabilities if not backed by strong verification systems.
Prevention: Awareness and Multi-Layered Security
To minimize the risk of phishing, experts recommend a few essential precautions:
- Never click links from unknown senders.
Always verify that the website or message originates from an official source. - Double-check the sender’s address and URL.
Scammers often use look-alike domains — “logistix” instead of “logistics.” - Enable two-factor authentication and secure biometrics.
Extra security layers can prevent unauthorized access even if data is stolen. - Report suspicious messages immediately.
The faster incidents are reported, the higher the chance of blocking phishing routes.
Yet, individual awareness is only one part of the solution. Businesses and organizations that handle customer data must also take responsibility by ensuring their systems are resilient against identity spoofing and credential theft.
Building Digital Trust: The New Security Currency
In today’s economy, trust is the new digital currency. A single data breach or phishing incident can shatter a company’s reputation overnight. That’s why leading organizations are adopting a security-by-design approach — embedding identity verification and data protection into every digital process.
Modern identity-verification technologies now combine liveness detection, face matching, and encrypted digital signatures, allowing companies to confirm real users without sacrificing convenience. These systems not only streamline onboarding and authentication but also help mitigate the growing threat of phishing, fake accounts, and data misuse.
A Smarter Way to Protect the Digital World
Phishing and data theft are no longer isolated incidents; they are systemic risks to every business that operates online. Passwords and OTPs alone are no longer enough — organizations need smarter, adaptive verification systems that safeguard both users and operations.
That’s where Beeza comes in.
Beeza provides secure, fast, and integrated digital identity verification designed to help businesses authenticate real users effortlessly. With advanced features such as e-KYC, face matching, and digital signatures, Beeza ensures every digital interaction remains trusted and compliant.🔒 In a world where cyber threats grow smarter every day, it’s time to protect your customers — and your reputation — with smarter verification.
Visit beeza.id to learn how Beeza can help your business build digital trust and defend against phishing threats.