CERT Orange warns: DPD courier scam

23 April 2026 Poland Radar 0 Comments

CERT Orange warns of a DPD courier scam using fake emails and SMS to steal card data. Read tips for expats to avoid losses.

CERT Orange warns about a new courier-themed phishing campaign that impersonates DPD. Consequently, attackers send emails and SMS messages asking for a tiny fee to release a parcel.

Table of Contents

CERT Orange warns: how the DPD fake messages work

Scammers craft messages that claim a delivery problem. Moreover, they ask for a symbolic top-up of 1-2 zł. The message then links to a fake website that looks like DPD. In addition, the site shows invented tracking details to prove the claim. Next, victims type their address and phone number to “confirm” delivery. Then, the form asks for full card details. However, attackers often cite 3D Secure or PCI DSS to seem legitimate. Therefore victims may feel safe and proceed. Consequently, fraudsters drain cards for much larger amounts than the small fee promised.

Why this matters for residents and foreign nationals

Expats and newcomers often rely on online deliveries. Moreover, they may not know local courier routines. For example, Polish services rarely ask for tiny fees by SMS. In addition, many locals use PESEL (national ID number) for formalities. Therefore, stolen personal data can enable deeper fraud. Furthermore, criminals may exploit numbers and addresses to craft follow-up scams. However, victims can also lose money directly from their bank cards. Consequently, prevention matters for everyone using online shopping in Poland.

What CERT Orange and experts advise

CERT Orange found that the fake tracking numbers do not appear in the official DPD database. Moreover, attackers rely on low amounts to bypass suspicion. Therefore verify any notification before you act. First, copy the tracking number and paste it into DPD’s real tracking page. Second, ignore requests for micro-payments via email or SMS. Third, always check the browser address bar for typos or odd domains. In addition, never enter card details on a site you reached from a message link. Finally, call DPD’s official helpline if you doubt the notice.

💡 GOOD TO KNOW: If you live in Poland, keep public services in mind. For instance, ZUS (social security) or NFZ (national health fund) use official letters and websites. Therefore any unexpected request via SMS or email should raise suspicion. Moreover, if scammers take money, contact your bank immediately and report the case to Policja (police). In addition, you can file a complaint with UODO, the Polish data protection authority, if scammers misuse your personal data.

Reporting helps others. Moreover, inform family or roommates if you see a suspicious message. Therefore block the sender and do not follow links. In addition, enable two-factor authentication for your bank and accounts where possible. Finally, keep your system and browser up to date to reduce the risk of drive-by attacks.

Source: Read original article

📚 Looking for more help settling in Poland? Browse our complete Expat Guides.