Fraudulent Shipment Alert: Phony DHL Express Tracking Used to Lure Victims

Update: Due to their large customer base, DHL Express are frequently targets of impersonation. If this email differs from the one you've received, you may want to check out the most recent one from August 2022. We also reported on different scams in June and July 2022.  

Cybercriminals are once again targeting the vulnerability of those patiently awaiting parcel deliveries, with a recent email scam pretending to be from leading international express delivery service, DHL Express. MailGuard has intercepted several phishing attempts imitating the trusted logistics service provider over the past year, mirroring the rise in online deliveries throughout the COVID-19 pandemic.  

The email attempts to grab the recipient's attention by notifying them of a false ‘shipment delivery notification’ from ‘track@maildelivery.com' as per the email below:  

The email and related phishing pages contain simple DHL branding, highlighting the yellow and red coloring and logo that the brand is known for. Upon closer inspection however, the message in the email addressed to ‘Info’ alludes to its untrustworthy nature.  

When the victim clicks on the ‘Track my Shipment’ now button, they are taken to the phishing page that once again imitates DHL to trick victims into entering their credentials. This page also contains fake Apple Store and Google Play download icons to try and add credibility.  

Note, the grammar used in the messaging here, i.e. ‘Online Parcel Tracker!’ that is not representative of the tone used by DHL in their external communications. Once a password is entered, the site does not progress any further. 

In addition, the following red flags reveal the inauthenticity of the notification: 

• Use of App Store and Google Play logos underneath the ‘Track my Package’ button  
• Grammatical errors used in the messaging asking to confirm details. Usually, a tracking or shipment number is provided to the user in order to keep track of their parcel. A login and password are not required.  
• The double arrows used after the ‘Track my Package’ writing in the red call to action button. 
• DHL uses the following footer in their website: “© DHL International GmbH. All rights reserved”, to differentiate from fake websites such as this example which simply contains DHL Global, as well as not being updated to the current year.  

DHL offers the following advice, which can be found on their website as to whether you have received a fraudulent email:  

• “Official DHL communication is always sent from @dhl.com, @dpdhl.com, @dhl.de, @dhl.fr or another country domain after @dhl.
• We never use @gmail, @yahoo or other free email services to send emails. 
• We never link to a website other than our own starting with for example https://dhl.com/, https://dpdhl.com/, or a country/campaign website 

 From a desktop computer:  

• Drag & Drop the suspicious email into a new message and send it to phishing-dpdhl@dhl.com as attachment. To effectively shut down the fraudulent service, we need complete mail headers which are not included in a forwarded message. 

 From a mobile device:  

• Forward the message to us. If feasible, please always send the suspected email from a desktop as attachment including complete mail headers. 
   
• Report the message as spam within your mail app, so that your mail provider can take appropriate actions 

Please report all suspicious activity to our dedicated Anti-Abuse Mailbox at phishing-dpdhl@dhl.comfollowing the below instructions”.  

Further information can be found on the DHL website: https://www.dhl.com/au-en/home/footer/fraud-awareness.html 

MailGuard urges all recipients of this email to delete it immediately without clicking on any links. Providing your personal details can result in your sensitive information being used for criminal activity.   

MailGuard urges users not to click links or open attachments within emails that:  

• Are not addressed to you by name.  
• Appear to be from a legitimate company but use poor English, or omit personal details that a legitimate sender would include.  
• Are from businesses that you were not expecting to hear from, and/or  
• Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from.   

One email is all that it takes  

All that it takes to devastate your business is a cleverly worded email message that can steal sensitive user credentials or disrupt your business operations. If scammers can trick one person in your company into clicking on a malicious link or attachment, they can gain access to your data or inflict damage on your business.  

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security. Talk to a solution consultant at MailGuard today about securing your company's network. 

Stay up-to-date with MailGuard's latest blog posts by subscribing to free updates. Subscribe to weekly updates by clicking on the button below.