Fake Shipment Tracking Scam – “Receive Funds” Card Harvesting
This phishing campaign is designed to steal credit card details from users selling items online (likely on classified ad platforms such as Sahibinden, Letgo, or Facebook Marketplace). The scam creates a fake shipment tracking interface and pressures the seller to “receive funds” by entering their card information.
How it works:
The victim (a seller) receives a message from a potential buyer claiming they have paid for the item and that the payment is being held by a shipping or escrow service. The buyer sends a link to this fake tracking page.
Step 1 – Fake Shipment Tracking Page (First Screenshot)
The page uses Turkish lira and location details to appear legitimate.
Step 2 – Credit Card Harvesting Page (Second Screenshot)
The goal:
The attacker aims to steal the victim’s credit card details. There is no actual payment of 3000 TRY waiting to be received—the entire transaction is fabricated. If the victim enters their card details, the attacker can make unauthorized purchases or sell the information.
Red flags to watch for:
- Illogical request for card details: To receive money (funds), you never need to enter your credit card details. Receiving funds typically requires providing a bank account number or using a payment service (e.g., PayPal, IBAN), not a credit card number, expiry date, and CVC.
- Fake tracking status: The status timeline claims “the package is paid” and “funds are waiting to be received,” but the seller is being asked to pay—this is contradictory.
- Suspicious URL: Both pages are hosted on domains that are not legitimate shipping or payment services. The URLs visible in the first screenshot (
dpd cz.info orders...from previous examples) indicate a pattern of phishing domains. - Generic payment page: The second page lacks any recognizable payment processor branding (e.g., Stripe, Iyzico, PayPal) and does not use a secure payment gateway.
- No actual buyer or order context: The seller has no way to verify the shipment or the buyer’s identity through legitimate channels.
- Poor design consistency: The first page mixes shipment tracking elements with a “receive funds” button, which is not how legitimate shipping or payment services operate.
What to do if you encounter this:
- Do not click “RECEIVE FUNDS” or enter any credit card details.
- Do not enter your card number, expiry date, or CVC on this page.
- If you are selling items online, never click links sent by buyers claiming payment is waiting. Legitimate buyers pay through official platform mechanisms or in cash upon pickup.
- If you have already entered your credit card details, contact your bank immediately to block the card and dispute any unauthorized charges.
- Report the phishing page to the classified platform where the scam originated.
Why this scam is effective:
In Turkey, classified ad platforms are widely used, and sellers often ship items after receiving payment. This scam exploits the seller’s expectation of a legitimate transaction by providing a fake tracking number and shipment status. The “funds are waiting to be received” message creates excitement and urgency, overriding the suspicion that receiving money should never require entering credit card details.
Protective measures:
- Always complete transactions through the official payment system of the platform you are using (e.g., Sahibinden’s “Güvenli Ödeme” system).
- Never accept payment through links sent by buyers—insist on in-person cash or official platform transactions.
- Remember: receiving money never requires your credit card information.
- If a buyer claims they have paid through a shipping company or escrow service, verify directly with the official website of that service using a URL you type yourself—never click links in messages.