Spammers and scammers are flooding the mail system with fake messages that are, for instance, “from DHL”. Just by sending out an enormous amount of messages, they will inevitably hit somebody who’s actually waiting for a DHL package and possibly get the scam rolling.
Some people leap to the conclusion that there must be a data breach somewhere, because it seems so unlikely that a scammer would target them just while they’re waiting for a package — but it’s just a numbers game. Nobody is really targeted. And you can usually tell that it’s a scam mail, since DHL has SPF, DKIM and DMARC set up, so the From address is usually something nonsensical and definitely non-DHL-ey.
But yesterday I got this email:
And, yes, I’ve ordered a new laptop from Lenovo, and it is a Thinkpad X1 Carbon Gen 10, and it is currently being shipped by UPS. So surely this can’t be a scam, can it?
But message is from email@example.com. Which is… er… not Lenovo, or UPS. The MAIL FROM is @spmailtechno.com. Which is something else again. And the Reply-To header says firstname.lastname@example.org:
Which… doesn’t seem to exist?
The link to track the package does not point to UPS, either, but to:
etc. And clicking on that link and opening it in Firefox gives me:
So this is totally a scam, right? Somehow? No matter how unlikely? Or has there been an actual data breach at Lenovo or UPS or somewhere?
But nope — the order number is actually my order number, and following the link eventually takes me to https://tracking.narvar.com/lenovo-eu/. Which Lenovo wants me to look at instead of the actual UPS tracking page, for some… strange reason:
OK, the reason isn’t so strange after all: Lenovo just wants to push more ads at me while I’m reloading the tracking page, and they can’t do that on the UPS tracking page.
Nice going, Lenovo — you’ve chosen a system to communicate with your customers that makes it virtually impossible to say whether the customers are being scammed or not.