Investigation of a Courier Brand Impersonation Scam: A Case Study of the CDEK Delivery Fraud
Amal Mammadov, Independent Cybersecurity Researcher and Security Operations Practitioner, Vilnius, Lithuania
Abstract
Courier-related phishing and impersonation scams have become a persistent threat, exploiting user trust in logistics providers and the rapid growth of e-commerce. This article presents a detailed case study of a delivery scam that impersonated the international courier company CDEK. The investigation reconstructs the full attack chain, beginning with initial social engineering via telephone contact and continuing through the use of a fraudulent web domain designed to harvest sensitive information. Technical artifacts including domain registration details, TLS certificate misuse, web content structure, and interaction flow are analyzed to illustrate how attackers combine psychological manipulation with low-cost technical infrastructure. The study highlights common weaknesses in user awareness, brand protection, and domain abuse monitoring that enable such scams to succeed. Based on the findings, practical detection indicators and mitigation recommendations are proposed for security teams, domain registrars, and end users. The case demonstrates how real-world incident investigations can contribute actionable insights into modern phishing operations and complement existing academic research on social engineering and online fraud (Cloudflare, 2025; Let’s Encrypt, 2021).
Keywords
phishing, social engineering, brand impersonation, online fraud, domain abuse, cybersecurity investigation
References
Anti-Phishing Working Group. (2025, August 28). Phishing Activity Trends Report, 2nd Quarter 2025. https://docs.apwg.org/reports/apwg_trends_report_q2_2025.pdf
CDEK. (n.d.). Отслеживание отправлений [Shipment tracking]. https://www.cdek.ru/ru/tracking/
Cialdini, R. B. (2006). Influence: The psychology of persuasion (Rev. ed.). Harper Business.
Cloudflare. (2025, January 15). Cloudflare SSL/TLS. https://developers.cloudflare.com/ssl/
Daigle, L. (2004). WHOIS Protocol Specification (RFC 3912). Internet Engineering Task Force. https://datatracker.ietf.org/doc/html/rfc3912
EMVCo. (n.d.). EMV® 3-D Secure. https://www.emvco.com/emv-technologies/3-d-secure/
Hadnagy, C. (2018). Social engineering: The science of human hacking (2nd ed.). Wiley.
Internet Corporation for Assigned Names and Numbers. (n.d.). ICANN Lookup. https://lookup.icann.org/
Jakobsson, M., & Myers, S. (2006). Phishing and countermeasures: Understanding the increasing problem of electronic identity theft. Wiley. https://doi.org/10.1002/0470086106
Let's Encrypt. (2021, February 12). About Let's Encrypt. https://letsencrypt.org/about/
Mitnick, K. D., & Simon, W. L. (2002). The art of deception: Controlling the human element of security. Wiley.
Verizon. (2025). 2025 Data Breach Investigations Report. https://www.verizon.com/business/resources/Tea/reports/2025-dbir-data-breach-investigations-report.pdf
Copyright License
Copyright (c) 2026 Amal Mammadov

This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors retain the copyright of their manuscripts, and all Open Access articles are disseminated under the terms of the Creative Commons Attribution License 4.0 (CC-BY), which licenses unrestricted use, distribution, and reproduction in any medium, provided that the original work is appropriately cited. The use of general descriptive names, trade names, trademarks, and so forth in this publication, even if not specifically identified, does not imply that these names are not protected by the relevant laws and regulations.


Engineering and Technology