Deutsche Post phishing page detected

Posted byAnti-phishing Leave a comment on Deutsche Post phishing page detected

Deutsche Post Phishing – Fake Shipment Tracking & Card Harvesting Scam (German Variant)

This phishing campaign impersonates Deutsche Post, the national postal service of Germany. The scam creates a fake shipment tracking page for a second-hand item (a children’s bicycle) to convince a seller that a buyer has paid and the item is ready to be shipped. The victim is then directed to a credit card harvesting page to “receive” payment.

How it works:
A seller receives a message—likely via a classified platform (e.g., eBay Kleinanzeigen) or messaging app—from a supposed buyer claiming to have paid for an item. The buyer sends a link to the first phishing page.

Step 1 – Fake Deutsche Post Shipment Tracking Page
The first page displays:

  • Deutsche Post branding and navigation elements copied from the legitimate website
  • A shipment tracking result showing:
  • A product: a children’s bicycle (PUKY brand)
  • A delivery address in Germany
  • An amount in euros (€100)
  • A fake tracking/reference ID
  • The layout mimics Deutsche Post’s official tracking interface

Step 2 – Customer Service Information Page
The second page displays:

  • Legitimate-looking Deutsche Post customer service phone numbers and hours
  • Footer links including imprint, privacy, and legal notices copied from the real Deutsche Post website
  • This page is designed to add credibility, making the overall scam appear more legitimate

Step 3 – Credit Card Harvesting Page
The third page is a payment form that:

  • Uses Deutsche Post branding (with a typo in the domain name and page title)
  • Displays the same amount (€100) and reference number
  • Requests:
  • Full credit card number
  • Expiration date (MM/YY)
  • Phone number
  • Includes a “Send” button and claims of secure encryption

The goal:
The attacker steals the victim’s credit card details along with their phone number. There is no actual buyer or payment—the entire transaction and tracking information are fabricated.

Red flags to watch for:

  • Illogical request for card details: A seller receiving money should never be asked to enter their credit card number, expiration date, or phone number. Receiving funds requires bank account details (IBAN) or a linked payout method—not card credentials.
  • Domain mismatch: The third page shows a URL that is not deutschepost.de. The legitimate Deutsche Post domain is deutschepost.de—any variation (misspellings, extra words, different TLDs) is a red flag.
  • Typo in branding: The third page contains a typo (“dentschpost” instead of “Deutsche Post”), a clear indicator of a fake page.
  • Mixed purpose: The first page presents shipment tracking information, but the final page asks for card details to “receive funds.” These functions are unrelated in legitimate postal services.
  • No login required: A legitimate shipment tracking or payment process would not ask for credit card details without first logging into a verified account.
  • Copied content: The second page contains real Deutsche Post customer service numbers and legal text, but it is hosted on the phishing domain—attackers often copy such content to appear authentic.

What to do if you encounter this:

  • Do not enter any credit card details, expiration date, or phone number on such pages.
  • Do not click any buttons claiming to “receive” funds or complete a transaction.
  • If you are expecting a payment for an item sold online, never use a link sent by the buyer. Instead, arrange payment via bank transfer (IBAN), PayPal (by logging into your account directly), or cash on pickup.
  • If you have already entered your credit card details, contact your bank immediately to block the card and dispute any unauthorized charges.
  • Report the phishing page to Deutsche Post’s security team.

Why this scam is effective:
Deutsche Post is a trusted institution in Germany, and its tracking service is frequently used for shipments from classified platforms. The scam combines multiple familiar elements: a realistic product (children’s bicycle), a plausible price (€100), and a fake tracking page that mimics the official Deutsche Post interface. The inclusion of real customer service numbers and legal footers adds to the illusion. Sellers who are eager to complete a sale may not question why they are being asked for card details to receive money.

Protective measures:

  • Always verify tracking information by typing deutschepost.de directly into your browser and entering the tracking number manually—never through a link.
  • Never enter credit card details to receive payment. Sellers should provide their IBAN or PayPal email address directly to the buyer, and payments should appear in the seller’s account without further action.
  • Be suspicious of any message that creates urgency and directs you to an external page to “claim” payment or “complete” a shipment.
  • If a buyer sends you a link to a Deutsche Post tracking page, independently verify the tracking number on the official website.
  • For classified transactions in Germany, prefer local, cash-on-pickup transactions, or use the integrated payment system of the platform (e.g., eBay Kleinanzeigen’s “Sicher Bezahlen”).

Leave a comment

Your email address will not be published. Required fields are marked *