Fake DHL Email Malware Scam Detected

Posted by Annamaria Montagnese on 28 July 2016 10:50:21 AEST

MailGuard have successfully identified and blocked an email malware scam circulated by cyber criminals impersonating global logistics giant DHL.

MailGuard’s cloud email filtering technology first detected and blocked this threat as it emerged.

This latest scam email informs the recipient that they have an overdue invoice from DHL with a PDF attachment. 

Here is an image of what to look out for:


When the zip file is extracted, it contains an executable file suspected to be a trojan dropper:


When the recipient opens the email containing a PDF, it shows a blurred image of an invoice. When clicked, it redirects the user to a malicious download.


Anti-virus vendors are picking the executable up as a 'Gen:Variant.Razy', which is a generic trojan that downloads more malware and potentially steals personal information from the affected system without the user's knowledge.

Even though the file is a well-known executable malware, the fact that it is linked from within a pdf attachment makes it harder to detect.

This isn’t the first time MailGuard has detected a DHL email scamLast year, MailGuard identified and blocked an email alerting the recipient of a package which has been supposedly dispatched to be delivered to them.

As a precaution, we urge you to delete emails that:

  • Appear to be from a legitimate company but are not addressed to you by name or are written in poor English.
  • Require you to click a link in the email body to verify your identity or account credentials, or
  • Have an unusual request that you would not expect to receive from the official purported sender.

To protect your business, we recommend that you share this alert and educate your staff about the nature of cyber threats, and employ cloud-based email and web filtering. A multi-layered approach combining desktop antivirus, anti-malware and anti-spyware will further mitigate the threat posed by emerging scams.



Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update or follow us on social media.

Keep Informed with Weekly Updates

^ Back to Top

Topics: Phishing Cyber Criminals email scam Email Spam Scam DHL Email Scam DHL

Back to Blog


    Something Powerful

    Tell The Reader More

    The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.


    • Bullets are great
    • For spelling out benefits and
    • Turning visitors into leads.

    Recent Posts

    Posts by Topic

    see all