“Cannot deliver your package”. IDBank warns about fake messages from ‘’HayPost’’

In Armenia, a wave of mass messages is being recorded that exploit trust in the national postal operator HayPost. Attackers use the expectation of the package as a fake reason to steal banking data or install spyware on users’ smartphones.

How the scam works: from SMS to full control of the device

The scheme begins with receiving an SMS, an e-mail or a massage in a messenger. The text always imitates an official notification: it reports a “mistake in the address” or the need to pay a small additional fee (usually 2000-3000 AMD) for customs clearance or storage.

In order to “solve the problem” the victim is asked to follow a link. From here the scenario splits into two dangerous paths:

• Stealing bank credentials. The link leads to a phishing website that looks identical to the HayPost interface. When attempting to “pay the additional fee,” the user enters full card credentials, including the three-digit code on the back of the card and the SMS verification code, effectively giving scammers access to their account.
• Installation of spyware. The user is offered to download an “official app” for tracking (often in .apk format for Android). In reality, it is a spyware, that gains an access to banking apps, intercepts passwords and allows scammers to remotely control the device.

Important detail: the message nearly almost lacks specifics. Such notifications usually don’t explain which particular package is being referred to: there is no specific tracking number, no exact sender information, and no other important details. The scam relies on inattention, haste and curiosity: ’’what if this is my package – I’d better fix it quickly.” 

Postal phishing is a global trend and its popularity among the scammers rises especially during holiday seasons and online sales. In Armenia, this scheme is considered critically dangerous: the Central bank and HayPost annually issue official warnings about fake domains. 

Legal trap

What makes this “postal” scheme especially deceptive is that the user voluntarily enters their data on a fake website. As the transaction is confirmed with a one-time password, the bank treats it as legitimate. In case of spyware installation, the situation becomes more complicated: voluntarily installing software from unverified sources removes financial institutions’ responsibility for subsequent transactions.

IDBank recommends:

Digital hygiene is the only reliable way to protect your money. Follow these rules:

• Check the domain. Official massages from HayPost come only from the haypost.am domain.  Any variations such as haypost.cc, haypost.click or hay-post.info – are a 100% sign of fraud.

• Do not follow links in messages. If you are really expecting a package, check its status on the official website by entering the tracking number manually or via the official mobile app, downloaded from the App Store or Google Play.

• No “additional fees” on third-party websites. Real postal services do not request small transfers via messengers for “address correction.”
• Use official support. If you have any doubts, contact with HayPost using the official number: 010 514514.

If you have already followed the link and entered your data or installed an app, immediately contact your bank using official channels and follow the support team’s instructions.

Remember: your financial security starts with your vigilance. Do not let fake notifications become a real threat to your budget.

IDBANK IS SUPERVISED BY THE CBA