MailGuard 20 October 2022 12:41:56 AEDT 6 MIN READ

Parcel Delivery Email Scam Impersonates DHL

Parcel delivery scams are one of the most common types of phishing attacks, and amongst them DHL is arguably the most popular. In the example below, the email is simply titled ‘Parcel Shipping Details’.

It claims that your ‘shipment is awaiting processing’, requesting payment of an ‘unpaid duty’ of ‘1.99’.

Employing DHL branding in the email and on the phishing pages, they incorporate advanced functionality in order to detect non-standard web browsers and stop automated checking, and data validation for phone numbers and credit card details, for example.


While the email appears to be coming from DHL, it actually originates from a server owned by InMotion Hosting, an American web hosting company. The intermediary page appears to be a compromised website owned by a Bosnian author, and the actual phishing pages are hosted on a server associated with Hostgator.

Clicking the ‘Verify information’ button, initiates a re-direct to a different webpage, after performing some checks to make sure it's a potential victim and not a robot.

The login page asks for personal details that could be used to perform a credit card transaction. Once these details are entered and submitted, the attacker harvests them for later use.


Next a physical address is requested for shipment, along with the victims date of birth and email address.


After this, the user is prompted to enter an SMS code to verify the transaction.


In a common tactic employed by scammers, the code is rejected as invalid. In reality, a fraudulent transaction is likely being completed with the stolen credentials that the victim has unwittingly shared.


For examples of other scams impersonating DHL, check out these from September 2022, August 2022, July 2022, and May 2022

MailGuard advises all recipients of this email to delete it immediately without clicking on any links. Providing your personal details can result in your sensitive information being used for criminal activity and may have a severe negative impact on your business and its’ financial well-being.     

MailGuard urges users not to click links or open attachments within emails that:       

  • Are not addressed to you by name.       
  • Appear to be from a legitimate company but use poor English or omits personal details that a legitimate sender would include.       
  • Are from businesses that you were not expecting to hear from, and/or       
  • Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from.      

Many businesses turn to MailGuard after an incident or a near miss, often as a result of an email similar to the one shown above. If unwanted emails are a problem for your business, don’t wait until it’s too late.  

Reach out to our team for a confidential discussion by emailing or calling 1300 30 44 30.

One email is all that it takes     

All that it takes to devastate your business is a cleverly worded email message that can steal sensitive user credentials or disrupt your business operations. If scammers can trick one person in your company into clicking on a malicious link or attachment, they can gain access to your data or inflict damage on your business.     

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security. Talk to a solution consultant at MailGuard today about securing your company's inboxes.  

Stay up-to-date with MailGuard's latest blog posts by subscribing to free updates. Subscribe to weekly updates by clicking on the button below.  

Keep Informed with Weekly Updates