I got this text from “DHL”. It came to the same sms thread that normal DHL communication comes and coincidentally, I have an AliExpress package that the seller forgot to put my street number.

Combining the two, I decided to humour them and started following the link. Of course, I realised the Cyprus Post address is not the official one but DAMN that’s good quality fake website. Grammar was good, images good, even the footer with the copyrights!

Of course, they asked me to put my card to pay *only* €0.27 for service fees (as if you could pay Cyprus Post by credit card online)! I created a one-time use card on Revolut and put it in (knowing the one-time use card of Revolut always asks for verification). Yeap, they tried to charge me ~300 euros. Which of course I declined.

Now they are sending me desperate messages every couple of hours with “Last Reminder” etc.

by electr1que

7 comments
  1. a) The grammar is very obviously horrible. “Θα στείλουμε ξανά”? “Να Συνεχίσει”?

    b) -at.top in the URL and you didn’t close it immediately? This is not a good scam, it’s a good lesson learned for you. Easiest way ever to tell any scam apart is to look at the URL they’re trying to get you to click or in the case of phishing emails, without even looking at the URL, you can just look at the email. Never even have to bother looking at how convincing the site or the contents are.

    c) Takes like 5mins for a close to 0 programming knowledge newbie to copy paste the html code of a site to clone it. Hell there’s even tools that do it for you. Nothing about that is impressive.

    Bad scam. You fell for it due to a combination of bad security practices and coincidental circumstances that made you think there was an actual issue. You should know that with more savvy hackers, as soon as you click on a link it can already be game over without having to actually interact with the landing site at all (trojan, ransomware, crypto miners etc). The lesson here is to not click on it in the first place. Seeing a shortened URL like in your screenshot should be a red flag and you should never click on it if you can’t verify what the landing URL is without actually making your browser go there. You can right click, copy link address, paste somewhere to view it and then decide what to do which in 99% of cases is ignore it, close, report as phishing.

  2. Around 10 people I know got this. Mostly people who have Epic network. So it was Cyprus wide, I guess lots of people would have gone through. Let’s hope the scammers get caught.

  3. Got this today and since a package I was expecting failed to deliver I thought it was legitimate.

    1. It was from the actual DHL number which has sent me verification and postage delivered messages before

    2. Connection was secure

    3. It had links towards and the format of the official Cyprus Post website. The thing that made me question it is the phrasing and the text. “Το όνομα σου” (No form does that), lowercase letters in title, etc.

    I called the official number to question it and they told me it was a scam.

  4. Good quality? My friend, the URL was dvfdhsjfyxu and you decided it was a good idea to click on it?

  5. [I got this as well](https://ibb.co/bJCN0tP)

    But wtf it blended well into the other notifications from DHL which are genuine. Even truecaller says these messages are 100% secure.
