So, yesterday I almost got scammed. And, I never have fallen into a scam. But this time it was so personal and accurate that I think there’s a leak in either DHL (probably not) or Onefinity / Kirbre enterprises inc. (Most likely)
While tracking my order online on the official DHL page I got a status update “temporally -ON HOLD-“ not long after that I received an email with the status “on hold” and that I need to confirm payment details… And a phishing link… those assholes. Luckily Firefox gave me a warning when I clicked the link. Besides of the “waybill” number (it was not described as tracking number) everything checks out. I also already paid taxes and douane fees (was asked trough SMS message, which also made me scratch behind the ears, but all information checked out. But in hindsight, this could also be a scam), but if I didn’t already paid it and Firefox did not warn me, I might have fallen in to the scam.
So, this is too much of a coincidence for a random scam mail (searched my inbox, and I have never received a scam mail from DHL). So the scammer must know my tracking number and my email address. I don’t think you can retrieve an email address from a tracking number? So the information might come from a leak somewhere by Onefinity… I’m not pointing fingers, and it wouldn’t be the first time a big (DHL size) company has there security breached. But most likely it’s the small start-up company with less than desirable security. I also did not fill in my tracking number on any other website than the official Dutch DHL site (screenshot), and the tracking link send from Onefinity.
Anyhow… Be warned when receiving your shipment. Check, double check, triple check anything before you make a payment.
I’ve also informed Onefinity about this.