MailGuard is intercepting a new wave of phishing emails that impersonate DHL Express to steal personal and financial information from unsuspecting recipients. This targeted campaign uses a fake delivery notice to create urgency, asking users to confirm their address or pay a small import fee. But the real purpose is to harvest sensitive data, such as names, birthdates, phone numbers, email addresses and credit card details, via a series of convincingly branded phishing pages.
The email appears to come from “Fynd” using the address `hey(at)gofynd(dot)com`. However, each message is uniquely crafted including sender addresses that spoof the recipient's domain.
The subject line reads: “DHL: Address Confirmation Required”.
Inside, the message presents a fake Package Status Update, claiming action is required to confirm the delivery address. The user is urged to click a red button to "Confirm Delivery Address".
Once clicked, the victim is taken through a series of phishing pages:
These fake pages are hosted on domains like `trustwe3.com`, which have no association with DHL. The branding, colours and language mimic legitimate courier communications to create a false sense of trust.
This phishing campaign is technically simple, using basic HTML and a fake delivery hook, but highly effective. The layout, tone, and step-by-step design are engineered to bypass suspicion and extract data before the user realises something is wrong.
Because the emails dynamically match recipient domains, the scam may appear more credible to victims, especially in organisations where package tracking and delivery confirmations are routine. The object of the attack is clear: to steal both personal identity information and credit card credentials.
By the time a recipient reaches the final screen, scammers have enough data to commit identity fraud, make unauthorised purchases, or sell the details on the dark web.
MailGuard advises all recipients of these emails to delete them immediately without clicking on any links. Responding or providing personal details can lead to identity theft, data breaches, and financial losses.
Avoid emails that:
Many businesses turn to MailGuard after a near miss or incident. Don't wait until it's too late. Reach out to our team for a confidential discussion by emailing expert@mailguard.com.au or calling 1300 30 44 30.
All that it takes to devastate your business is a cleverly worded email message that can steal sensitive user credentials or disrupt your business operations. If scammers can trick one person in your company into clicking on a malicious link or attachment, they can gain access to your data or inflict damage on your business.
For a few dollars per staff member per month, you can protect your business with MailGuard's specialist, 'zero zero-day' email security. Special Ops for when speed matters! Our real-time 'zero zero-day', email threat detection amplifies our client’s intelligence, knowledge, security and defence. Talk to a solution consultant at MailGuard today about securing your company's inboxes.
Stay up-to-date with MailGuard's latest blog posts by subscribing to free updates. Subscribe to weekly updates by clicking on the button below.