MailGuard 10 July 2023 11:51:53 AEST 6 MIN READ

Be Alert for Phishy Order Shipping Emails

Be alert for emails claiming to be from, about an order being shipped via DHL. They might be the latest scam that’s targeting inboxes. The email, shown below, appears to be from ‘Catch Australia Partners’, with the subject ‘Your order (#89416363) has been shipped!’.

For those that eagerly click through to learn more, it informs them that their order has been shipped and includes a tracking link for the recipient to track the package. By comparison with other scam emails, the tone is somewhat understated and may entice some curious or confused recipients to click through to find out more. It includes the logo and contact details to feign authenticity, and the recipient’s name is inserted into the sending email address after ‘Tracking’ to further boost its perceived legitimacy.


After clicking through on the tracking link, things start to get more ‘phishy’, pardon the pun. Users are advised that ‘customs duties / taxes’ are owed on the package before it can be shipped, with a DHL workflow to process the nominal payment amount. And, the amount is formatted as ‘3,19 AUD’, which will be unfamiliar and a red flag for many Australian recipients.


After clicking ‘Continue’, the next page requests that the recipient enter their delivery address, along with their date of birth and telephone number.


By clicking the red ‘Next’ button, the workflow progresses to the shopping cart where users will likely ignore the ‘coupon code’ option, as they are prompted to select their preferred bank. Again, a small giveaway to the scam on this screen, with a VAT link, which doesn’t correspond with a typical AUD payment. And of course, more unusual is the requirement to select you bank when making the payment.



For those that advance further in the payment process, they are prompted to log in with their banking credentials, with examples for the NAB (National Australia Bank) and CBA (Commonwealth Bank of Australia) phishing interfaces shown below.






Parcel delivery scams are among the most common types of phishing attacks. This one impersonating, likely incorporates the DHL workflow as it is arguably the most popular with scammers. For examples of other scams impersonating DHL, check out these from September 2022, August 2022, July 2022, and May 2022.

MailGuard advises all recipients of this email to delete it immediately without clicking on any links. Providing your personal details can result in your sensitive information being used for criminal activity and may have a severe negative impact on your business and its financial well-being.     

MailGuard urges users not to click links or open attachments within emails that:       

  • Are not addressed to you by name.       
  • Appear to be from a legitimate company but use poor English or omits personal details that a legitimate sender would include.       
  • Are from businesses that you were not expecting to hear from, and/or       
  • Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from.      

Many businesses turn to MailGuard after an incident or a near miss, often as a result of an email similar to the one shown above. If unwanted emails are a problem for your business, don’t wait until it’s too late.  

Reach out to our team for a confidential discussion by emailing or calling 1300 30 44 30.

One email is all that it takes     

All that it takes to devastate your business is a cleverly worded email message that can steal sensitive user credentials or disrupt your business operations. If scammers can trick one person in your company into clicking on a malicious link or attachment, they can gain access to your data or inflict damage on your business.     

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security. Talk to a solution consultant at MailGuard today about securing your company's inboxes.  

Stay up-to-date with MailGuard's latest blog posts by subscribing to free updates. Subscribe to weekly updates by clicking on the button below.  

Keep Informed with Weekly Updates