

DPD & Posta.sk Phishing – Fake “Funds Receipt” Scam with PS5 Lure (Slovak Variant)
This phishing campaign impersonates DPD and Slovenská pošta (Posta.sk) to target sellers on Slovak classified platforms (such as Bazar.sk). The scam uses a PlayStation 5 (PS5) as the fake item—a high-value, frequently sought-after product—to make the transaction seem plausible and urgent. The scam includes a fake chat support window to pressure the seller into entering credit card details.
How it works:
A seller receives a message—likely via Bazar.sk’s messaging system, SMS, or other chat app—from a supposed buyer claiming to have paid for the item. The message includes a link to the first phishing page.
Step 1 – Fake DPD & Posta.sk “Funds Received” Page
The first page displays:
- DPD logo
- A heading suggesting receipt of funds
- A high-value item: PlayStation 5 (PS5) with a price in euros (€500)
- Text referencing Posta.sk as a transaction guarantor
- A button implying the funds have been received or can be claimed
- A generic security badge (SSL/RSA)
Step 2 – Credit Card Harvesting Page with Fake Chat Support
After clicking the button, the seller is taken to a second page that:
- Requests full credit card number, expiration date, and CVC
- Displays the same transaction amount (€500) and a reference number
- Includes a fake chat support window with pre-written messages
- The chat messages claim to be from support, explaining that the buyer paid through Bazar.sk and that the seller must “link” their card to receive the payment
The goal:
The attacker steals the seller’s credit card details. There is no actual buyer or payment—the entire transaction is fabricated. The fake chat window is designed to answer objections and pressure the seller into completing the card form.
Red flags to watch for:
- Illogical request for card details: A seller receiving money should never be asked to enter their credit card number, expiry date, and CVC. Receiving funds requires bank account details (IBAN) or a linked payout method—not card credentials.
- Mixed branding: The page uses both DPD and Posta.sk branding, which is unusual—these are separate companies. A legitimate transaction would not involve both.
- Fake chat support: The embedded chat window is not a live support feature but a scripted message. Legitimate shipping companies and classified platforms do not use pop-up chats on external pages to guide users through payment receipt.
- Suspicious URL: The pages are hosted on a domain that is not dpd.sk, posta.sk, or bazar.sk. Always check the address bar.
- High-value lure: The PS5 is a popular, often hard-to-find item. Scammers use such products to attract sellers and create urgency.
- No account login required: A legitimate sale would appear in the seller’s Bazar.sk account dashboard after logging in. This scam bypasses account authentication entirely.
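The URL, card-form and mixed-branding red flags above can be turned into a triage check that an abuse desk or mail filter runs on a reported link and its saved page source. This is an added example, not part of the original write-up: the function names, the `.example` hosts and the sample HTML are constructed, and only the three official domains come from the page.

```python
import re
from urllib.parse import urlsplit

# The three official domains are the ones the page names; all else is constructed.
OFFICIAL = ("dpd.sk", "posta.sk", "bazar.sk")
BRANDS = {"dpd": "DPD", "posta.sk": "Posta.sk", "slovenská pošta": "Posta.sk"}
# Form fields asking for card number, expiry or CVC (heuristic on attribute values).
CARD_FIELD = re.compile(
    r'(?:name|id|autocomplete)="[^"]*(?:card|cc-number|cvc|cvv|expir)[^"]*"', re.I)

# Constructed page source modelled on the two phishing pages described above.
SAMPLE_HTML = """<img alt="DPD"><h1>Funds received</h1>
<p>PlayStation 5, 500 EUR. Transaction guaranteed by Posta.sk</p>
<form><input name="card_number"><input name="expiry"><input name="cvc"></form>"""

def is_official_host(url):
    """True only if the real host is an official domain or a subdomain of one.

    urlsplit().hostname drops any 'user@' prefix and the port, so a link such as
    https://bazar.sk@pay.example/ is judged by 'pay.example'. Links without a
    scheme have no parsable host and are treated as not official.
    """
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    # Suffix match on a dot boundary: 'dpd.sk.funds-claim.example' and
    # 'notdpd.sk' both fail, 'www.dpd.sk' passes.
    return any(host == d or host.endswith("." + d) for d in OFFICIAL)

def red_flags(url, html):
    """Return which of the page's red flags apply to this link and page source."""
    flags = []
    if not is_official_host(url):
        flags.append("suspicious-url")
    if CARD_FIELD.search(html):
        flags.append("card-details-requested")
    text = html.lower()
    # DPD and Posta.sk named on the same page is the mixed-branding signal.
    if len({brand for needle, brand in BRANDS.items() if needle in text}) > 1:
        flags.append("mixed-branding")
    return flags

if __name__ == "__main__":
    for link in ("https://dpd.sk.funds-claim.example/ps5",
                 "https://bazar.sk@pay.example/claim",
                 "https://www.posta.sk/"):
        print(link, is_official_host(link), red_flags(link, SAMPLE_HTML))
```

The brand and card-field checks are heuristics for ranking reports, so a hit should prompt a manual look at the page rather than an automatic verdict.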
What to do if you encounter this:
- Do not click any buttons claiming funds are ready.
- Do not enter your credit card details, expiry date, or CVC on such pages.
- If you are selling on Bazar.sk or similar platforms, always log into your account directly (by typing the official URL) to check for real sales and messages.
- Never trust links sent by buyers claiming they have paid—especially those directing you to external pages.
- If you have already entered your credit card details, contact your bank immediately to block the card and dispute any unauthorized charges.
- Report the phishing page to Bazar.sk, DPD, and Slovenská pošta.
Why this scam is effective:
This scam combines multiple trusted brands (DPD, Posta.sk, Bazar.sk) to create a false sense of legitimacy. The PS5 is a highly desirable item with a realistic second-hand price (€500), making the transaction plausible. The fake chat support window adds a layer of “customer service” that can convince hesitant victims. The pressure to “link” a card to receive payment is presented as a simple technical step, lowering suspicion.
Protective measures:
- Always verify any sale by logging directly into your Bazar.sk or other platform account—never through a link sent in a message.
- Never enter credit card details to receive payment. Sellers provide payout details (bank account) during account setup; payments are processed automatically.
- Be suspicious of any page that includes a pop-up chat window claiming to explain a payment process—legitimate platforms do not use such tactics on external pages.
- If a buyer sends you a link to “claim” payment, treat it as a red flag and verify directly through the platform’s official app or website.
- Enable two-factor authentication (2FA) on your email and any linked payment accounts.
