Fake Parcel Delivery Scams Targeting Philippine Mobile Users
Philippine mobile users receive fraudulent delivery notifications impersonating LBC Express, J&T Philippines, Lazada, and Shopee logistics, directing them to phishing sites that harvest GCash, Maya, and bank login credentials.
Part of: Fake Delivery Texts
Last reviewed: 1 June 2026
The Philippines' booming e-commerce sector — driven by Lazada, Shopee, and social commerce on Facebook — generates high volumes of genuine delivery notifications that scammers mimic closely. SMS phishing campaigns targeting GCash and Maya (PayMaya) users are particularly damaging because these mobile wallets hold everyday spending funds for millions of Filipinos.
The Cybercrime Investigation and Coordinating Center (CICC) and the Bangko Sentral ng Pilipinas (BSP) issue regular advisories about delivery-themed smishing that is specifically designed to capture e-wallet credentials rather than traditional bank account details.
How this scam works on Philippines
A recipient receives an SMS claiming their LBC or J&T package has a customs issue or incorrect address and must be resolved via a link within 24 hours. The link leads to a phishing page that either clones the carrier's site or presents a generic 'secure delivery portal' that requests GCash or Maya login details to pay a nominal fee.
Some messages specifically reference Shopee or Lazada order numbers to increase credibility. The victim enters their e-wallet credentials and the scammer immediately empties the GCash or Maya balance.
Facebook Marketplace delivery scam variants ask buyers to click a link to 'confirm their COD (cash on delivery) tracking details' — a link that harvests credentials or installs malware.
Common red flags
- SMS claiming a Lazada or Shopee parcel has a customs issue requiring GCash payment via a link
- Delivery tracking link leading to a site that requests your GCash or Maya PIN
- SMS referencing an order number for a package you did not order
- Facebook Marketplace seller asking you to click a link to confirm COD tracking
- Delivery notification arriving from an unusual long number rather than an official short code
How to protect yourself
- Track orders only through the official Lazada, Shopee, or carrier app — never via links in SMS
- Never enter your GCash or Maya credentials on any site reached via an SMS link
- Enable GCash and Maya transaction alerts to detect unauthorised access immediately
- Report suspicious SMS to your mobile carrier's spam reporting function
- Contact GCash support at gcash.com or Maya support if credentials may have been compromised
How to report it
- Report to the CICC at cicc.gov.ph or the NBI Cybercrime Division
- Contact GCash fraud support at 2882 or Maya at 02-7795-7777
- Report to the BSP Financial Consumer Protection Department at bsp.gov.ph
Frequently asked questions
Does Lazada or Shopee ever ask for GCash credentials to resolve delivery issues?
No. Lazada and Shopee delivery issues are resolved through the platform's own order management system — they never ask for GCash or Maya credentials via SMS links. If you have a delivery problem, go directly to the Lazada or Shopee app and contact in-app customer service.