Where did I slip-up?

Audiolab 6000A Integrated Amplifier
K

Kapeel

Active Member
Joined
Jul 30, 2018
Messages
123
Points
28
Location
Hubli
Last week I purchased 2 items from the UK, one is shipped with RM and the other DPD. I have promptly received tracking nos. for both items from the sellers and right now I am simply waiting out the days for the items to reach India, clear customs etc. etc.

Last night out of nowhere I received two emails from an India courier DTDC, this email claims my parcel has reached their hub in the UK, email has a tracking no. and suggests I get in-touch with them for favourable rates (see below)

Since I was aware none of the sellers were shipping with DTDC first thing I did was check the tracking no. in the email, which obviously did not match with the tracking nos. I received from the sellers or their courier partners. Next I tried calling the Pune phone no. given in the email, which is unreachable and the line is busy from last night and the email originating address doesn't seem to be DTDC.

I have done my purchase as-well as all seller correspondence from my work computer, this kind of rules out any malware inherent at my end.

This has got me wondering where did I slip-up? Who has leaked by email id so close to purchase and shipping, which will obviously tempt someone to click on the tracking link in the email, than what ?

Screenshot_20220303-060654.png
 
Website and everything is absolutely fake
Please don't call any numbers or click any links
Yes , it would nice to know how these spammers came to know you are accepting a Uk parcel
How to find, unfortunately I don't have an answer for that
 
Kapeel said:
This has got me wondering where did I slip-up? Who has leaked by email id so close to purchase and shipping, which will obviously tempt someone to click on the tracking link in the email, than what ?
Click to expand...
Cross-website tracking. Always a good idea to sign out of webpages once you're done /before closing the tab.

But, links inside emails are the worst offenders. One way to be sure that you're opening an official link is to first check the domain name of the email address. E.g, if the email is from DTDC, then the email address domain will be @dtdc.com. (they could have multiple variation in these) If you don't recognise it, don't click on it.

Browser Isolation could help mitigate this. Quite simply the concept of using different browsers for different needs.

I use Chrome exclusively for only Google products; Mail, Maps, Drive etc. I do not use Chrome to browse.

Safari for all my browsing needs. On Safari I don't sign into any google sites, so google doesn't know the identity of the person using the Safari browser, even if i'm using Google search. I only sign-in in to my Bank websites in this browser.

Firefox for shopping needs; Amazon, Flipkart etc.

Brave; for all webpages that need signing in; except the ones mentioned above.

Any single browser cannot track, or read what the other browser is doing, so you're isolated, to some extent.

This isn't a fool proof method, but helps to a great extent. Browsers employ a method called fingerprinting, basically creating a profile of its users browsing habits linked to that particular browser.

Hope this helps, Cheers!
 
Kapeel said:
Last week I purchased 2 items from the UK, one is shipped with RM and the other DPD. I have promptly received tracking nos. for both items from the sellers and right now I am simply waiting out the days for the items to reach India, clear customs etc. etc.

Last night out of nowhere I received two emails from an India courier DTDC, this email claims my parcel has reached their hub in the UK, email has a tracking no. and suggests I get in-touch with them for favourable rates (see below)

Since I was aware none of the sellers were shipping with DTDC first thing I did was check the tracking no. in the email, which obviously did not match with the tracking nos. I received from the sellers or their courier partners. Next I tried calling the Pune phone no. given in the email, which is unreachable and the line is busy from last night and the email originating address doesn't seem to be DTDC.

I have done my purchase as-well as all seller correspondence from my work computer, this kind of rules out any malware inherent at my end.

This has got me wondering where did I slip-up? Who has leaked by email id so close to purchase and shipping, which will obviously tempt someone to click on the tracking link in the email, than what ?

View attachment 67685
Click to expand...
Also , pl. do avoid sharing screenshots showing the Email id publicly. One can just smudge or strikeout with bold lines to cover up full text.
like this.

1646279915344.png
 
aeroash said:
Cross-website tracking. Always a good idea to sign out of webpages once you're done /before closing the tab.

But, links inside emails are the worst offenders. One way to be sure that you're opening an official link is to first check the domain name of the email address. E.g, if the email is from DTDC, then the email address domain will be @dtdc.com. (they could have multiple variation in these) If you don't recognise it, don't click on it.

Browser Isolation could help mitigate this. Quite simply the concept of using different browsers for different needs.

I use Chrome exclusively for only Google products; Mail, Maps, Drive etc. I do not use Chrome to browse.

Safari for all my browsing needs. On Safari I don't sign into any google sites, so google doesn't know the identity of the person using the Safari browser, even if i'm using Google search. I only sign-in in to my Bank websites in this browser.

Firefox for shopping needs; Amazon, Flipkart etc.

Brave; for all webpages that need signing in; except the ones mentioned above.

Any single browser cannot track, or read what the other browser is doing, so you're isolated, to some extent.

This isn't a fool proof method, but helps to a great extent. Browsers employ a method called fingerprinting, basically creating a profile of its users browsing habits linked to that particular browser.

Hope this helps, Cheers!
Click to expand...
Almost same here,
Brave/vivaldi - for all personal identifiable sites. ( different machine - say no 1)
Chrome - limited to google products ( different machine - no 2 and 3).
Firefox - social /News etc ( another different junk machine/laptop/Linux - no 4 and 5 )
 
Mostly your contact details are sold out by someone where you bought the products. Happens frequently with international address. You should report this to the portal where you bought the products.
 
aeroash said:
Cross-website tracking. Always a good idea to sign out of webpages once you're done /before closing the tab.

But, links inside emails are the worst offenders. One way to be sure that you're opening an official link is to first check the domain name of the email address. E.g, if the email is from DTDC, then the email address domain will be @dtdc.com. (they could have multiple variation in these) If you don't recognise it, don't click on it.

Browser Isolation could help mitigate this. Quite simply the concept of using different browsers for different needs.

I use Chrome exclusively for only Google products; Mail, Maps, Drive etc. I do not use Chrome to browse.

Safari for all my browsing needs. On Safari I don't sign into any google sites, so google doesn't know the identity of the person using the Safari browser, even if i'm using Google search. I only sign-in in to my Bank websites in this browser.

Firefox for shopping needs; Amazon, Flipkart etc.

Brave; for all webpages that need signing in; except the ones mentioned above.

Any single browser cannot track, or read what the other browser is doing, so you're isolated, to some extent.

This isn't a fool proof method, but helps to a great extent. Browsers employ a method called fingerprinting, basically creating a profile of its users browsing habits linked to that particular browser.

Hope this helps, Cheers!
Click to expand...

This approach feels like quite a chore, anyways I shouldn't be picking holes if the system works for you.

Since there are no. of people on this forum buying gear from abroad, it seemed like the right thing to do was to highlight the incident for the benefit of others.

And I don't think my email was leaked at the sellers end, I believe DPD has its BPO operations in Pune, and it could have been leaked from there. Else DPD may be using DTDC as their customs clearing agent in India, someone at DTDC received an excel file with email address of recipients in India who in-turn passed it on to his friends and family.
 
Audio Technica AT-LP60X Fully Automatic Belt-Drive Turntable
Buy from India's official online dealer!

Similar threads

A
KEF LS50 Meta- buying journey and impressions
Replies
4
Views
3K
Passive_audio_enthusiast
Passive_audio_enthusiast
corElement
Yogibears' Time Machine: A 6BG6 SET Monoblock Tube Amp Review & Shootout
2
Replies
22
Views
6K
corElement
corElement
MasTerasTrix
SONIC PLUMBER -MYTH BUSTING EXPERIENCE ABOUT AUDIO CABLES
2
Replies
39
Views
30K
sachinchavan 15865
sachinchavan 15865
J
  • Locked
Where to report defected items received from fellow member.
10 11 12
Replies
227
Views
96K
arj
arj
kapvin
Caveat Emptor - Shiprocket
Replies
1
Views
557
ktks1
ktks1
Back
Top