by Scoundreller 1226 days ago
Checked my emails, didn't find anything, but looking through gmail spam box, I got a DHL one:

Subject: Your parcel was not able to be delivered

Sender: contact <hello@namecheap.com>

> Dear Client,

> We regret to inform you that your parcel was not able to be delivered on the specified date, xx/02/2023. The parcel is currently located in the DHL warehouse near your town.

> The reason for the delay was that the sender did not pay the necessary fees for the delivery. To avoid the parcel being returned, we ask that you pay the fee of 6.xx USD. You can track your parcel and pay the fee by clicking the tracking button.

> Track and Pay >> > DETAILS

> Order number: xxxxxxxxxxxx

> Total: (x.xx USD)

> Delivery is planned between: xx.02.2023 - xx.02.2023

> Once the fee is paid, we will be able to deliver the parcel. We apologize for any inconvenience caused and thank you for your understanding. Sincerely,

> The DHL Team

Link URL is: https://links.namecheap.com/u/click?_t=[long tracking info redacted]

Tried following the link in TOR and on a virtual machine, both get just a 2 word "Unauthorized Access", but it redirects to: hxxps://accomplish-delivery . mysafebridge . info/WorldwideDelivery0/auth/dhl/index.php?utm_source=Iterable_Marketing&utm_medium=email&utm_campaign=MKTG_CRM_Welcome_Hosting_D5_WF_20221118

Slightly modified it to make it non-clickable


I found the Metamask email in my spam, with the subject: "MetaMask : Your wallet is about to be suspended", with the headline of the mail "Your wallet is about to be suspended Apply for KYC Verification"

Hopefully no one falls for these, sneaky to hide the redirect behind the links.namecheap

I think the redirect being behind links.namecheap was an artefact of the compromised mailing service rather than intended behaviour: the body text of the Metamask email displayed a fake metamask URL https://verification.metamask.io/KYC?[snipped ID] that the link.namecheap.com link was wrapped around.

Did make it clear that something belonging to Namecheap had been compromised though...

Would you be able to share the (scrubbed from your own personal info) headers on a gist or pastebin or similar?