Fake Delivery Texts in Brazil
SMS and WhatsApp phishing messages impersonating Brazilian couriers such as Correios, Mercado Livre, or Shopee to harvest credentials and banking data.
Part of: Fake Delivery Texts
Last reviewed: 1 June 2026
Brazilians are among the world's most active e-commerce shoppers, and scammers exploit delivery anxiety by sending fake tracking notifications that mimic well-known courier and marketplace brands. These smishing messages often use convincing Correios or Mercado Livre branding.
The links inside redirect to credential-harvesting pages or install banking malware (Trojans specifically targeting Brazilian banco apps) onto Android devices. The scam spikes around major shopping events such as Black Friday Brasil and the holiday season.
How this scam works on Brazil
A victim receives a WhatsApp or SMS message claiming their Correios package is held due to an incorrect address or unpaid customs duty. The message includes a link styled to look like the official Correios tracking portal. Clicking installs a fake Correios app that is actually a banking trojan designed to overlay Brazilian bank apps and steal credentials.
In another variant, the message claims a Mercado Livre or Shopee order cannot be delivered and prompts the victim to 'confirm' their address and payment details on a cloned site. Stolen card numbers and CPFs are then used for fraudulent purchases or sold on dark-web markets.
Brazil has a particularly active ecosystem of banking malware families (such as Guildma and Grandoreiro) that are specifically built to target Brazilian financial institutions, making fake delivery links an especially dangerous vector.
Common red flags
- SMS or WhatsApp message about a package you do not recognize ordering
- Link domain does not match the official courier site (e.g., correios.com.br)
- Message asks you to install an APK outside of Google Play or the App Store
- Prompt to pay a small 'customs fee' via PIX or boleto to release the package
- Urgency language such as 'your package will be returned in 24 hours'
- Poor Portuguese grammar or unusual formatting inconsistent with official communications
How to protect yourself
- Always track packages directly through the official courier site, not through links in messages
- Never install APK files sent via SMS or WhatsApp — only install apps from official stores
- Enable two-factor authentication on all Brazilian bank and fintech apps
- Check your CPF and banking data regularly at registrato.bcb.gov.br for unauthorized activity
- Keep your Android device updated to receive the latest security patches
How to report it
- Report phishing links to Brazil's SaferNet at denunciar.org.br
- Notify Correios about impersonation at correios.com.br/fale-conosco
- File a cybercrime complaint with the Polícia Civil or Polícia Federal
Frequently asked questions
What should I do if I clicked the link and installed an unknown app?
Immediately uninstall the app, run a mobile security scan, change all your banking passwords from a different device, and contact your bank's fraud line. Consider temporarily freezing your CPF via Receita Federal if personal data was entered.