So, yesterday I almost got scammed. And I have never fallen for a scam. But this time it was so personal and accurate that I think there’s a leak in either DHL (probably not) or Onefinity / Kirbre enterprises inc. (most likely).

While tracking my order online on the official DHL page I got a status update “temporally -ON HOLD-“. Not long after that I received an email with the status “on hold” saying that I need to confirm payment details… And a phishing link… those assholes. Luckily Firefox gave me a warning when I clicked the link. Besides the “waybill” number (it was not described as tracking number) everything checks out. I also already paid taxes and customs fees (was asked through SMS message, which also made me scratch behind the ears, but all information checked out. But in hindsight, this could also be a scam), but if I hadn’t already paid it and Firefox had not warned me, I might have fallen for the scam.

So, this is too much of a coincidence for a random scam mail (searched my inbox, and I have never received a scam mail from DHL). So the scammer must know my tracking number and my email address. I don’t think you can retrieve an email address from a tracking number? So the information might come from a leak somewhere by Onefinity… I’m not pointing fingers, and it wouldn’t be the first time a big (DHL size) company has their security breached. But most likely it’s the small start-up company with less than desirable security. I also did not fill in my tracking number on any other website than the official Dutch DHL site (screenshot), and the tracking link sent from Onefinity.

Anyhow… Be warned when receiving your shipment. Check, double check, triple check anything before you make a payment.

I’ve also informed Onefinity about this.


Thanks for the heads up, :+1:


Sobering indeed. Recommend you send the raw email file (not what your app shows you) to Spamcop for analysis. This does seem highly targeted but if the waybill was not accurate, it is unlikely the information came from OF. Just pointing out another possible source for the information would be your accounts/computer as well.

If it matters, I have received scam messages masquerading as DHL, FedEx, UPS etc. Usually they are very obvious but occasionally they are well crafted.



Is it possible that they hacked your email and used the information found in previous emails to you to generate this?

It’s possible, but it seems like a lot of work to scam me. They need to create a fake DHL website and a fake email specifically for me. No, this seems more like an automated process. Also the phishing site was already blocked / warned by Firefox, so it looks like it was already online for a while. Of course, it also could be that they already had a fake DHL site, but then they probably would use a new domain that was not blacklisted. And it would be a big coincidence that they hacked my mail and I had just received a DHL tracking code for which they had a scamming site.

Many thanks for your post satoer, I’m due delivery in a few weeks (early May), so will definitely keep an eye out for this. It would not have crossed my mind to be honest, so glad you brought it up.