Ramblings of a Tampa engineer

Taking a trip back in time, I ordered a OnePlus 3T way back on November 22, 2016.


This would lead to the strangest series of text messages that I didn't fully research until a few weeks ago.

The first message nearly two years in the past (Friday, Nov 25, 2016) was:

I am a dhl agent , you have a package delivery today. If you are not going to be at home and want the package left please reply to this text: with your name, asking us to leave the package, address and package transfer number.

This felt weird for so many reasons. I've had hundred of packages delivered and never once had the delivery agent text me. It felt like a scam, but I did actually have a package out for delivery. I was going to be at work that day and didn't want to wait the entire weekend for the delivery of my new phone so for a brief moment I considered responding.

I then saw the text message included 19 other people. My phone was going crazy with notifications due to not being able to sustain a group chat of 20 people. Responses started coming in like the following.

Hello..I am will be at the address after 9pm until 5pm...if i am not there please leaved the box at the Animal hospital next to us

This was beyond strange, because of the mix of warnings and truth among each message. The grammar matched nothing of an American citizen, but the details within matched closely to my apartment, as my place is located near an animal hospital.

The details requested by the original message were as follows:

  • Name
  • Address
  • Package Tracking Number

With those three pieces of information you can "redirect" a package to a different address. I know, because thats all I needed when I moved a package to deliver to my work address instead of home.

At this point, I knew I wasn't going to respond to this text. It was clear that it was an attempt to steal my package. The phone didn't end up getting delivered until November 29, 2016 and the lady who delivered it, when asked, did not send those text messages.

It wasn't until two years later that I began looking into this again. Was this a hack on DHL? A hack on OnePlus? Who leaked what that someone knew I was getting a package? I began doing some analytics on the numbers also in the group chat.

Area Codes included in text message:

  • (813) - Tampa, FL - 14 times
  • (407) - Orlando, FL - 2 times
  • (646) - New York, NY - 1 time
  • (313) - Detroit, MI - 1 time
  • (239) - Cape Coral, FL - 1 time (sender)
  • (913) - Overland Park, KS - 1 time (me)

There was nothing consistent to draw a pattern and I wasn't about to call these numbers two years later to complete my research for a blog post. I did look into the single address that was posted in the text group and it was within 2 kilometers of my apartment.

Most of the text responses resembled that of spam emails, littered with grammar mistakes and barely readable English. Were some of the phone numbers in this group fake? Perhaps added by the sender to falsely validate the attempt to retrieve information.

As the text conversation continued in the past, it was a dice-roll whether the response made sense or not.

My Wife Will Be Home Delivery The To My Home

??? Who it is?

This is Zak with [redacted] r u sure u got the right number ?

I continued researching hacks against DHL and OnePlus and could only find a One Plus hack in November of 2017. The details of that hack put me outside the affected date range so I was back to the drawing board.

With the events being so far in the past, I decided to let it go. The lesson learned was simple - do not trust anything over email or text messages unless you are extremely positive it is legitimate. Had I responded with the requested details, I'm sure my package and brand new phone would have been redirected elsewhere and resold.

Featured image by Seb Creativo / Unsplash

You’ve successfully subscribed to Connor Tumbleson
Welcome back! You’ve successfully signed in.
Great! You’ve successfully signed up.
Success! Your email is updated.
Your link has expired
Success! Check your email for magic link to sign-in.