Trendyol & Hepsiburada Phishing: Cum sa identifici Fake Shopping Scams in Turkey
Protect yourself from atac de phishings targeting Trendyol and Hepsiburada shoppers. Learn to identify fake delivery SMS, counterfeit checkout pages, and fake customer service scams.
Trendyol & Hepsiburada Phishing: Cum sa identifici Fake Shopping Scams in Turkey
Turkey's e-commerce market has exploded in recent years, with Trendyol and Hepsiburada processing millions of orders daily. This massive transaction volume has created a fertile hunting ground for inselaciune de tip phishingmers who impersonate these platforms to steal payment information, credentials, and personal data.
If you shop online in Turkey, you are a target. Here is how these scams work and how to protejeaza-te.
The Top E-Commerce Phishing Tactics
1. Fake Delivery SMS (Sahte Kargo SMS)
The most common attack vector. You receive an SMS like: "Trendyol siparisininiz kargoya verildi. Takip icin tiklayin: [malicious-link]." The link leads to a fake tracking page that asks for your card de credit details to pay a "customs fee" or "delivery surcharge."
These messages spike during major shopping events like 11.11 (Singles' Day), Black Friday, and Efsane Cuma promotions.
2. Counterfeit Checkout Pages
Scammers create pixel-perfect replicas of Trendyol and Hepsiburada checkout pages. Victims reach these pages through:
- Social media ads offering deals "prea bun ca sa fie adevarat"
- Google Ads that appear above legitimate search results
- Phishing emails with "order confirmation" links
3. Fake Customer Service Accounts
When shoppers post complaints on social media, scammers respond from accounts mimicking official support. They offer to "resolve" the issue by requesting order numbers, personal details, and even card information.
4. Vanzator Fals Storefronts
On marketplace platforms, scammers create stores with stolen product images and rock-bottom prices. Once you pay, the "seller" disappears. Some even send empty boxes or random items to generate a valid tracking number.
Cum sa identifici Legitimate vs. Fake URLs
This is the single most important skill for avoiding e-commerce phishing:
| Check | Legitimate | Suspicious |
|---|---|---|
| Domain | trendyol.com, hepsiburada.com | trendyol-siparis.com, hepsiburada-kargo.net |
| Protocol | Always HTTPS | May lack HTTPS or have certificate warnings |
| URL path | Clean paths like /orders/detail | Random strings, excessive parameters |
| Redirects | Direct navigation | Multiple redirects before landing |
| Certificate | Valid, issued to the company | Self-signed or issued to unknown entity |
Quick URL Verification Steps
- Do not click links in SMS or email. Open the Trendyol or Hepsiburada app directly.
- Check the domain carefully. Scammers use tricks like trendyo1.com (number "1" instead of letter "l") or hepsiiburada.com (double "i").
- Look for Turkish characters. Some fake domains use characters like "ı" or "ö" in ways that look similar to the real domain in a browser bar.
- Use the official app. Daca primesti a notification about an order, verify it through the official app, not through any link.
Anatomy of a Phishing Attack
Here is a step-by-step breakdown of how a typical Trendyol atac de phishing unfolds:
- Bait: Victim receives SMS about a "failed delivery" during a period when they actually have pending orders
- Click: The link opens a convincing Trendyol-branded page
- Harvest: The page asks for login credentials to "check order status"
- Escalate: After login, it requests card de credit details for a "redelivery fee" of 9.99 TL
- Drain: Scammers use the stolen credentials and card info to make purchases or sell the data
Seasonal Scam Calendar
Phishing attempts follow Turkey's shopping calendar:
| Period | Event | Common Scam Type |
|---|---|---|
| January | Winter sales (Kis Indirimleri) | Fake discount links |
| March | Women's Day campaigns | Fake gift card offers |
| June-July | Summer sale (Yaz Indirimleri) | Counterfeit checkout pages |
| August | Back to school | Fake delivery notifications |
| November | Black Friday / Efsane Cuma | All types intensify 3-5x |
| December | New Year shopping | Fake order confirmations |
Protecting Contul Tau and Payment Info
Enable All Security Features
- Trendyol: Enable autentificarea in doi pasi, set up login alerts, use the in-app wallet for payments
- Hepsiburada: Activate Premium security features, use Hepsiburada's own payment system (HepsiPay), enable notification preferences
Use Virtual Card de Credits
Many Turkish banks (Garanti BBVA, Isbank, Yapi Kredi) offer virtual card de credit services. Generate a temporary card number with a spending limit for online purchases. Even if the number is stolen, the damage is limited.
Review Your Saved Payment Methods
Periodically check and remove unused payment methods from your e-commerce accounts. The fewer cards stored, the smaller the attack surface.
Ce sa faci daca ai dat click pe un link de phishing
Daca suspectezi you have entered your credentials on a fake site:
- Change parola ta immediately on the real Trendyol/Hepsiburada site
- Contact your bank to block your card de credit if you entered payment details
- Enable 2FA if you have not already
- Check your order history for unauthorized purchases
- Report the phishing URL to Trendyol/Hepsiburada support and to USOM (National Cyber Incident Response Center)
- File a police report (e-Devlet or local police station)
Sharing Order and Payment Information Safely
Many Turkish users share order details, tracking numbers, and payment confirmations through WhatsApp or SMS when coordinating purchases for friends or family. This creates a trail of informatii sensibile that can be exploited.
When you need to share order credentials, tracking details, or payment confirmations, use LOCK.PUB to create a protejat cu parola memo. The recipient enters the password to view the information, and you can set it to automatically expire after they have seen it. No sensitive data lingers in chat histories.
Building a Scam-Resistant Shopping Habit
The best defense is a consistent routine:
- Bookmark the real Trendyol and Hepsiburada URLs and always navigate from bookmarks
- Install the official apps only from Google Play Store or Apple App Store
- Never enter payment information on a page you reached via a link in an SMS or email
- Verify all deals through the official app before acting on any promotional message
- Use protejat cu parola sharing tools like LOCK.PUB instead of plain text when sending informatii sensibile to others
Phishing scammers count on you being in a hurry. Slow down, verify, and protect your digital shopping life.
Shop smart, stay safe. When in doubt about a link, do not click — go directly to the app instead.
Keywords
You might also like
Shopee & Lazada Scams in Malaysia: Cum sa identifici Vanzator Falss and Phishing Attacks
Protect yourself from Shopee and Lazada scams targeting Malaysian buyers. Learn about vanzator fals schemes, order fraud, COD scams, and phishing tactics used on Malaysia's biggest e-commerce platforms.
Cum sa identifici Fake eMAG E-mail de Phishings and Texts in 2026
Learn to identify eMAG inselaciune de tip phishings, fake delivery notifications, and fraudulent order confirmations with our complete detection guide.
Pinterest Fake Shop Scams — Cum sa identifici Fraudulent Shopping Pins in 2026
Learn how to identify fake shopping pins on Pinterest, avoid fraudulent online stores, and protect your payment information from scam sellers.
Create your password-protected link now
Create password-protected links, secret memos, and encrypted chats for free.
Get Started Free