Security at DPD.

Security at DPD.

We regret that there are repeated illegal attempts to misuse the DPD brand in order to defraud third parties. Here you will learn the main details about current risks relating to the Internet and emails, and how you can protect yourself against them.

Please note:

DPD accepts no liability for damage which arises from the unauthorised use of our name or brand. This applies in particular to demands for payment which are made with fraudulent intentions.

If you wish to ask a question or provide information you can contact us directly at any time.

Security information

Warning: fraudulent SMS / text messages

At present there are an increasing number of fraudulent text messages in circulation in which the DPD brand is misused by third parties. The text messages inform the recipient that a parcel shipment is about to arrive. The text contains a link to a website which is supposed to lead the consignee to live parcel tracking. In reality, however, the recipients of the messages are led via such links to pages that contain malware.

Please pay close attention to the form and content when you receive supposed parcel notification text messages.

DPD only sends text messages from the number +49 177 1787807.

Furthermore, links contained in a text message officially sent by DPD always begin with the following domain structure: http://nd.dpd.de

Text messages sent with fraudulent intent, on the other hand, originate from regularly changing numbers and use unusual third-party domains. In addition, fraudulent text messages often refer to the company as 'DPD Germany', a form of words which DPD does not use in German communication with shippers and consignees.

Under no circumstances should you click on links in messages which you can't identify or which seem suspicious to you. If in individual cases you are unsure whether a message actually originates from DPD and is harmless, we will be happy to help at any time at [email protected].

DPD accepts no liability for damage caused by fraudulent text messages with links to malware.

Warning in connection with fake emails

There are currently an increasing number of emails in circulation in which the DPD brand is misused by third parties. A large number of these are emails which appear to originate from DPD because of their sender address (for example with the sender: [email protected]). In fact, however, these fake emails have attachments containing malware. This is particularly true of attachments in the outdated .doc file format.

Please pay close attention to any suspicious features in alleged DPD emails:

  • Under no circumstances does DPD send mail attachments in the outdated .doc format.

  • The fake emails often contain other external email addresses which have no recognisable connection with you or with DPD.

  • Spelling mistakes or an unusual form of address can also be a sign of fake emails.

  • Before opening any attachment, ask yourself whether you really expect information from DPD which might be found in the attachment.

Please delete any emails which you cannot identify or which seem suspicious to you. If in individual cases you are unsure whether a message actually comes from DPD and is not dangerous, we will be happy to help you at [email protected].

DPD accepts no liability for damage caused by fake emails containing a malicious code.

Fraudulent emails on the subject of import charges

With fraudulent intent, emails which request payment of value added tax and/or import fees are currently circulating. According to these fraudulent mails, payment is to be made with a "Paysafecard" which is subject to charges.

IMPORTANT: DPD expressly points out that this is an improper use of the DPD trademark and an attempt at fraud. DPD does not send out payment requests in this form. Please do not comply with such requests and under no circumstances should you follow any links in the emails. DPD accepts no liability whatsoever for any damage caused by such attempts at fraud.

However, in certain circumstances it may happen that DPD actually asks you to pay customs duties before a parcel can be delivered. If you are therefore unsure in individual cases whether a message actually originates from DPD and is legitimate, you can contact us at any time at [email protected].

Security notice: payment requests can be attempted fraud

Caution with requests for payment

To our great regret the DPD brand is repeatedly misused with the aim of committing fraud. This takes the form of parcel consignees or shippers being asked to make payments for a variety of reasons. They claim that this is the precondition for the delivery by DPD of a parcel destined for the consignee, or for some other service. The following examples have recently been used on a regular basis:

  • Offers on online real estate portals, where it is claimed that DPD acts as an intermediary

  • Offers from car buyers for whom it is claimed that DPD acts as an intermediary

  • Payment of charges and additional fees for the import of a parcel

  • Payment of insurance fees so that an alleged pickup by DPD can take place.

Payment is often to be made with prepaid services such as Neosurf, iGift or Paysafe. DPD does not work with these service providers at any point. Often, however, there is an attempt to create this impression, for example by simulating what are supposed to be DPD websites and/or email addresses.

IMPORTANT: DPD would like to point out explicitly that the situations which are described above are an abuse of the DPD brand and an attempt at fraud. DPD does not send out payment requests in this form. Please do not comply with such requests and under no circumstances should you follow the corresponding links in the emails. DPD accepts no liability whatsoever for any damage or loss which is caused by such attempts at fraud.

In some circumstances, however, it may in fact be necessary for the consignee to make a payment before a parcel is delivered, especially in the case of payment of customs duties on parcels which are imported from countries outside the EU. As a result, if you are unsure in individual cases whether a message actually comes from DPD and is legitimate, you can contact us at any time at [email protected].

Fake invoice emails

Recently emails have been circulating which claim to be from DPD and require people to download invoices in CSV format. The emails are formulated ungrammatically and generally have the following or a similar subject line:

“DPD e-invoice: for A.N. Other new invoices created: 1234567890“

IMPORTANT: DPD expressly wishes to point out that this represents misuse of the DPD brand and is attempted fraud. DPD does not send bills as a CSV download. Please do not click on the corresponding links! DPD accepts no responsibility for any damage which arises from such attempts at fraud.

If in an individual case you are not sure whether a message really comes from DPD and can be trusted, you can contact us at any time at [email protected].

IT security problem

If you would like to report a security issue you may report it to CERT LA POSTE by mail with the following object: [SECURITY-ALERT]

Unless you have specific information about a Bug Bounty program regarding this site, our sites have, as a generic rule, no specific Bug Bounty program. Nevertheless, you still can reach us to make Internet safer.

Contact: https://www.trusted-introducer.org/directory/teams/cert-la-poste.html

Latest update: 04/2021