Scammers preparing for Christmas - beware of the fake DHL parcel emails

by Alice Woods - - 2018-11-05

Experts warn about email scams mimicking DHL shipment notifications

Fake emails mimic DHL shipment notifications Scam email campaign mimics DHL shipping notifications and lures people to enter their personal information.

According to the MailGuard's report, scammers have started spreading fake emails mimicking DHL notifications about shipped goods^[1]. The scam was noticed at the end of October when Australians' inboxes were flooded with emails that contain a tracking number and various links/attachments suggesting users see tracking details and similar details about delivered goods.

The subject line for these emails reads “DHL Shipment AWB:” and contains a number that resembles the real shipment number used by DHL company. Additionally, the fake email provides a few links to the alleged tracking information and attached document with the schedule of delivery.

When the user clicks on the provided link, traffic is redirected to a questionable DHL page that suggests people enter their email addresses, passwords or different personal information,^[2] so it is believed that the primary purpose of the scam is to collect users' details. Although the sender is DHL Shipment, the mailbox used to send these emails appears to be compromised.

The main danger behind the scam DHL email – privacy issues

Since the main purpose of these email scams is to collect information about users, entering your logins, passwords, financial information, and other personally identifiable data is the most dangerous thing you can do. Later on, scammers can use this information to sign victims up for malicious services, log in to such sites as PayPal or similarly use social engineering for further crimes.

There might be different variants of the fake DHL email that contains such features:

links loading blank pages;
hyperlinks redirecting to phishing^[3] sites;
links automatically downloading malicious files to the system;
direct malware downloads;
telephone numbers asking you to contact the company's support line.

To protect yourself, you need to pay more attention to emails you receive because there might be a lot more than just a commercial email. As MailGuard wrote:

We all love getting something (aside from a bill) in the mail, and with online shopping more popular than ever, it’s sometimes hard to keep track of what parcels we’re expecting.

Unfortunately, the use of your personal information may differ from scammer to scammer. There is a possibility that you may get yet another spam email containing more prominent malware like ransomware that demands a ransom or malware that opens backdoors for hacker directly.

Not the first parcel delivery scam this year using the name of DHL

MailGuard alone has already reported about similar scams involving DHL. In May 2018, researchers noticed messages asking victims to enter their login information for parcel tracking.^[4] Once the user entered the required details in the provided form, scammers collected the personal data for later use. Some victims have also been offered to download the attached file from a link that supposedly contained shipping information. However, as the further research revealed, the file contained Trojan malware.

DHL has also reacted to this incident and released a statement where they warned customers about similar scams and advised people to check such emails more thoroughly. The company stated in their report:

Please be advised that if you received an email suggesting that DHL is attempting to deliver a package requesting that you open the email attachment in order to affect delivery, this email is fraudulent, the package does not exist and the attachment may be a computer virus.

Email scams mimicking the parcel shipping companies are often used by cybercriminals, especially when shipment services and people around the world get busier each day. You should be especially careful during the time around Black Friday, Cyber Monday, Thanksgiving, Christmas, Easter, and Boxing day, and take precautionary methods to protect yourself from unexpected consequences.^[5]

About the author

Alice Woods - Likes to teach users about virus prevention

Alice Woods is the News Editor at 2-spyware. She has been sharing her knowledge and research data with 2spyware readers since 2014.

Contact Alice Woods
About the company Esolutions

References

^ Daniel McShang. Fake email parcel scam mimics DHL. Mailguard. Predictive email security.
^ Steven Petrow. You're sharing your cell phone number too frequently. USAtoday. Latest world and US news.
^ Phishing and other online identity theft scams: don't take the bait. Finra. Non profit organization for industry professionals.
^ A DHL delivery whichis nothing but malware - Windows users warned of email attack. Nakedsecurity. Computer security news, advice and research.
^ Brandon Vigliarolo. 6 tips for avoiding phishing, malware, scams, and hacks while holiday shopping online. Techrepublic. News, tips, and advice for IT professionals.

Read in other languages

• Français