FREE TRIAL
MailGuard 21 October 2021 16:46:52 AEDT 9 MIN READ

Beware: Fake DHL Phishing Email Claims 'Your shipment is on its way'

Update: Due to their large customer base, DHL are frequently targets of impersonation. If this email differs from the one you've received, you may want to check out the most recent one from May 2022

Recipients of an email with the subject, ‘Your shipment is on its way’ purporting to be from ‘DHL Customer Care’, are strongly advised to not click on links asking them to retrieve any parcels awaiting them. The email is likely to be a phishing attempt by cybercriminals, aiming to steal credentials and potentially install malware on your network. 

The email has been sent from a compromised account, belonging to an employee of a hotel business, with the sender’s name displayed as ‘DHL Customer Care’ – the first giveaway of its inauthenticity. Scammers use the signatory brand colour of DHL Express as a background to the body of the email, advising victims that their parcel had attempted to be delivered by the courier. Users are then asked to confirm if they were expecting a package, by clicking on an enclosed attachment.  

Here’s what the email looks like: 

Your shipment is on its way - Mozilla Thunderbird_701

As you can see, the email is riddled with grammatical errors, along with a lack of branding.  

After clicking on the attachment, victims are requested to enter their email address and corresponding password in the following phishing page in order to view the documents. Scammers have gone to greater detail with this page, comparative to the simple HTML email, by including a background image displaying DHL courier vans, as well as copying the branding and logo of the company. The domain address however, does not belong to DHL. 

EXCEL — Mozilla Firefox_702

Well-known companies such as Australia Post, FedEx and DHL are popular targets for scammers to impersonate because they are trusted names with large customer bases. Users are encouraged to remain vigilant as cybercriminals target those awaiting parcel deliveries. If you are not expecting a package, please do not open any unfamiliar links.  

DHL offers the following advice, which can be found on their website as to whether you have received a fraudulent email:  

  • “Official DHL communication is always sent from @dhl.com, @dpdhl.com, @dhl.de, @dhl.fr or another country domain after @dhl. 
  • We never use @gmail, @yahoo or other free email services to send emails. 
  • We never link to a website other than our own starting with for example https://dhl.com/, https://dpdhl.com/, or a country/campaign website 

From a desktop computer:  

  • Drag & Drop the suspicious email into a new message and send it to phishing-dpdhl@dhl.comas attachment. To effectively shut down the fraudulent service, we need complete mail headers which are not included in a forwarded message. 

From a mobile device:  

  • Forward the message to us. If feasible, please always send the suspected email from a desktop as attachment including complete mail headers. 
     
  • Report the message as spam within your mail app, so that your mail provider can take appropriate actions  

Please report all suspicious activity to our dedicated Anti-Abuse Mailbox at phishing-dpdhl@dhl.comfollowing the below instructions”.  

Further information can be found on the DHL website: https://www.dhl.com/au-en/home/footer/fraud-awareness.html 

MailGuard urges all recipients of this email to delete it immediately without clicking on any links. Providing your personal details can result in your sensitive information being used for criminal activity.   

MailGuard urges users not to click links or open attachments within emails that: 

  • Are not addressed to you by name. 
  • Appear to be from a legitimate company but use poor English, or omit personal details that a legitimate sender would include. 
  • Are from businesses that you were not expecting to hear from, and/or 
  • Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from. 

 https://www.mailguard.com.au/cybersecuritychecklist_dhlblog

 

One email is all that it takes 

All that it takes to devastate your business is a cleverly worded email message that can steal sensitive user credentials or disrupt your business operations. If scammers can trick one person in your company into clicking on a malicious link or attachment, they can gain access to your data or inflict damage on your business.  

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security. Talk to a solution consultant at MailGuard today about securing your company's network. 

 

Stay up-to-date with MailGuard's latest blog posts by subscribing to free updates. Subscribe to weekly updates by clicking on the button below.

Keep Informed with Weekly Updates

 

 
Privacy Terms & Conditions
 

Free eBook Download

Download the free executive guide to Surviving the Rise of Cybercrime, by MailGuard CEO and founder Craig McDonald.

eBook eBook
eBook