Search TorWire

Find cybersecurity guides and research articles

Home > News > Cybersecurity > French Delivery Phishing Scam Uses Photos and Voice Messages to Trick Victims

French Delivery Phishing Scam Uses Photos and Voice Messages to Trick Victims

By: Morgan Cipher Senior Privacy Journalist

Last updated: June 11, 2026

Human Written
French Delivery Phishing Scam Uses Photos and Voice Messages to Trick Victims
  • Numerama shared a report recently about a new phishing campaign that combines SMS messages plus image attachments & voice recordings targeting the delivery system.

  • The scammers tried to make their fraudulent delivery notifications attempts to appear more credible using many forms of media instead of just text.

  • Security observers warn that as people continue to use contents AI generates for them, phishing campaigns will now seem more convincing & very for targets to identify.

According to a report from Numerama, a French online news outlet, delivery-themed phishing scams have taken a surprising step forward.

The publication recently took a closer look at a fraudulent SMS campaign that is going beyond the normal text-based messages people receive from delivery companies.

Fraudsters designed the scam to mimic communications from a legit delivery service & create a more believable scenario of legitimacy for their potential victims.

While delivery impersonation scams are already popular in the internet communities as a form of phishing, this addition of multimedia elements is pointing at an imminent wider damage.

Scam Messages Now Include Photos and Voice Recordings

According to the reports Numerama shared, the new phishing campaign is targeting users in France and it is actually mimicking the delivery company Mondial Relay.

Numerama got a first hand experience of this new style on June 8, 2026. The scam starts by sending a text message to the target with claims that it is coming from a delivery driver who is finding it difficult to drop off a package successfully.

Unlike what happens in traditional delivery-themed phishing attempts, this message will now include more content which the bad actors designed to make the target believe this interaction is genuine.

In the example which Numerama reviewed, the recipient did not just receive only a text message but also got a photograph that showed parcels the company was loading into what appears to be a delivery vehicle. The criminal posing as the company also sent a voice recording from a purported courier to the target. 

All these contents together, the image plus audio message and even the text aimed at reinforcing the impression that a real delivery was underway & that the sender was truly a legitimate employee of Mondial Relay making a legitimate attempt to get in touch with the recipient about a package.

According to the post, this recent combination of text, audio plus image, shows a new evolution from cybercriminals in delivery-themed fraud campaigns.

The image they send is just to make the target believe there is a real delivery attempt going on while the voice message they add is to bring in a little human element which the old phishing texts never had.

Rather than asking the target to make payments or sending them to a website, the scammers now try to appear legit first and gain trust.

With such an approach, the target will strongly believe the people reaching out to them is the actual courier that is experiencing some glitches in the delivery attempt rather than a cybercriminal behind a dangerous phishing campaign.

Instead of the criminals sending suspicious messages about shipping fees that the target hasn’t paid or that the deliveries they tried to make failed, they now start asking the target some questions that appear harmless.

They could ask them if they are at home or any other random question that could make the target relax, respond and continue in the conversation.

Once the bad actors have engaged the target successfully, he will continue the interaction that seems harmless and gradually direct the unsuspecting victim to a fraudulent website.

The delivery person could tell the victim that the package they are supposed to send them did not fit in the mailbox & invites them to reschedule the delivery through a link and that’will be the scammer’s den.

The link bad actors embed in the SMS takes the target to a website that seemingly appears as a Mondial Relay site, but the URL is not the same with the official domain mondialrelay.fr.

By using the combination of a delivery-themed picture plus a voice message, bad actors will remove any doubts that the targets would have if it was just an SMS.

Numerama stated that before now, threat actors were already using images from AI but adding voice recordings marks another step in making the messages appear believable.

French citizens are also facing other cyber threats. Hackers claim a massive leak of French healthcare data, though authenticity remains unverified, it highlights the targeting of French personal information.

Bad Actors Changes Approach, But Recipients Can Still Stay Safe 

The ultimate goal that the bad actor has is still the same even though they have changed their approach to reaching it.

They still want to trick users into adding their banking details to the malicious site under the pretext that they need to pay what could be a “re-delivery fees,” identity verification costs, or charges for package rescheduling.

According to the French news site, Mondial Relay, it has not added this specific campaign to its official page where it lists confirmed active scam alerts.

Notably, the company has a public page where it shares its tracking of ongoing fraud attempts, and Mondial Relay always reminds customers that it never asks them to make payments through SMS or send them an email to unlock, or even try to redirect them, or reschedule parcels. Also, it doesn’t send official communications from mobile phone numbers.

If the customers have any doubts, Mondial Relay advises them to verify the status of every shipment directly through the official app or website.

So when recipients receive an unexpected delivery notification, they should be more careful, even when messages have all three contents, photographs, voice recordings, or other supporting media.

Share this article

About the Author

Morgan Cipher

Morgan Cipher

Senior Privacy Journalist

Morgan combines a journalist’s curiosity with a security specialist’s precision. His reporting on data breaches, privacy laws, and encryption tech has been featured in several tech publications. At TorWire, he focuses on real-world threats and how to counter them, always with an eye on what’s next in digital privacy.

Comments (0)

No comments.