Fake Package Tracking Scam – “Receive Funds” Card Harvesting (Swiss/German Variant)
This phishing campaign is designed to steal credit card details from users selling items online (likely on classified ad platforms such as Ricardo, Tutti, or Facebook Marketplace) in Switzerland and German-speaking Europe. The scam creates a fake shipment tracking interface and pressures the seller to “receive funds” by entering their card information.
How it works:
The victim (a seller) receives a message from a potential buyer claiming they have paid for the item and that the payment is being held by a shipping or escrow service. The buyer sends a link to this fake tracking page.
Step 1 – Fake Tracking Status Page (First Screenshot)
The page instructs the seller to ship the item after “receiving” funds.
Step 2 – Fake Package Details Page (Second Screenshot)
Step 3 – Credit Card Harvesting Page (Third Screenshot)
The goal:
The attacker steals the victim’s credit card details. There is no actual payment of 105 CHF waiting to be received—the entire transaction is fabricated. If the victim enters their card details, the attacker can make unauthorized purchases or sell the information.
Red flags to watch for:
- Illogical request for card details: To receive money, you never need to enter your credit card details. Receiving funds typically requires providing a bank account number (IBAN) or using a payment service (e.g., Twint, PayPal)—not a credit card number, expiry date, and CVC.
- Suspicious URL: The pages are hosted on domains that are not legitimate shipping or payment services. (From the visible URL bar in the first screenshot, the domain appears unrelated to any known Swiss shipping company.)
- Fake tracking status: The status text is poorly written (“Empfangen von Vergnugen” is not a standard DHL, Swiss Post, or other carrier status message).
- Copied footer content: The second page contains a footer about “traditional hutters of the land” (likely copied from an unrelated website), which has nothing to do with package delivery.
- No login or verification: Legitimate payment processes do not ask for full credit card details on a page reached via an unsolicited link.
- Price in CHF, but tracking in German: While Swiss shipping uses German, the overall design and errors suggest the page was not created by a professional Swiss company.
- Generic card form: The payment page lacks any recognizable payment processor branding (e.g., Stripe, Datatrans, PayPal) and does not use a secure payment gateway.
What to do if you encounter this:
- Do not enter any credit card details, expiry date, or CVC.
- Do not click “Submit” or any buttons on these pages.
- If you are selling items online, never click links sent by buyers claiming payment is waiting. Legitimate buyers pay through official platform mechanisms (e.g., Ricardo’s payment system, Twint, or cash on pickup).
- If you have already entered your credit card details, contact your bank immediately to block the card and dispute any unauthorized charges.
- Report the phishing page to the classified platform where the scam originated.
Why this scam is effective:
High-value items like the “Tripp Trapp” child’s chair are frequently sold on second-hand platforms in Switzerland and Germany. Sellers are eager to complete the sale and may not question a buyer who claims to have paid via an escrow or shipping service. The use of Swiss francs (CHF) and a real address in St. Moritz makes the scam appear locally relevant. The multi-step process with a tracking number and package details gives the illusion of a legitimate transaction.
Protective measures:
- Always complete transactions through the official payment system of the platform you are using.
- Never accept payment through links sent by buyers—insist on in-person cash, Twint, or platform-integrated payments.
- Remember: receiving money never requires your credit card information.
- If a buyer claims they have paid through a shipping company or escrow service, verify directly with the official website of that service using a URL you type yourself—never click links in messages.
- Be suspicious of any page that asks for your full credit card details outside of a well-known, trusted payment provider.