Fake parcel email scam mimicking DHL does the rounds

Posted by Jaclyn McRae on 20 January 2017 11:21:00 AEDT

 A fake DHL email containing malware is putting Australian inboxes at risk.

The email has an attachment apparently containing details about a parcel enroute to the recipient.

But those who click the attachment actually execute a malicious Trojan downloader.

The file has the potential to monitor activity on the affected system, with the potential to steal passwords and bank account information.

To make matters worse, those infected with the malware won’t necessarily know they have been. It could be weeks or months down the track that they realise their bank account has been raided.

While the sender appears to be ‘DHL- Services Notification’, the email has been sent from a compromised mailbox. The attachment, is an ‘.exe’ or executable file – meaning it has the ability to automatically run a task. In this case, it’s a highly malicious one. 

Fake parcel email scam mimicking DHL does the rounds MAILGUARD2-1.jpg

Instead of including malware as an attachment, this type of email houses it on a redirected URL. This way the malware bypasses traditional email filters.

Another parcel delivery scam?

Fake parcel email scams are a favourite of cybercriminals, particularly around busy shopping periods such as Christmas and the Boxing Day sales.

We all love getting something (aside from a bill) in the mail, and with online shopping more popular than ever, it’s sometimes hard to keep track of what parcels we’re expecting.

The criminals behind this scam prey on people’s busy lives and curiosity.

Well-known companies such as Australia Post, Fedex and DHL are popular targets for scammers to impersonate because they are trusted names with large customer bases.

What to look out for

As a precaution, avoid clicking links in emails that:

  • Are not addressed to you by name, have poor English or omit personal details that a legitimate sender would include (e.g. – tracking ID).
  • Are from businesses you’re not expecting to hear from.
  • Ask you to download any files, especially with an .exe file extension.
  • Take you to a landing page or website that does not have the legitimate URL of the company the email is purporting to be sent from.

For a few dollars per staff member per month, add MailGuard's cloud-based email and web filtering solution to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network.

Need to know more?

Interested in discussing your company’s security? Contact one of MailGuard’s cybersecurity experts: expert@mailguard.com.au.

Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update or follow us on social media.

Keep Informed with Weekly Updates


^ Back to Top

Topics: Malware email scam Scam DHL Email Scam cybercrime

Back to Blog


    Something Powerful

    Tell The Reader More

    The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.


    • Bullets are great
    • For spelling out benefits and
    • Turning visitors into leads.

    Recent Posts

    Posts by Topic

    see all