Payload email scam spoofs DHL

Posted by Akankasha Dewan on 16 May 2019 17:16:51 AEST

MailGuard has intercepted a payload email scam impersonating global logistics giant DHL.

First detected on Wednesday, the 15th of May afternoon (AEST), the emails arrived in inboxes using the display name ‘DHL Customer Support’. The body of the emails was in plain-text form, advising recipients that DHL attempted to deliver an item but because nobody was present at the shipping address, the email notification has been automatically sent to the recipient. It then advises that if the parcel is not scheduled for re-delivery or picked up within 72 hours, it will be returned to sender, and asks the recipient to “Read the enclosed for details”. 

Here is the screenshot of the email:

DHL Scam Social Image

Unsuspecting recipients who click on the attachment end up initiating the download of an .IMG file designed to execute when opened.

While this scam isn’t as sophisticated as others that MailGuard has intercepted in the past, cybercriminals have tried to trick recipients into opening the malicious attachment via a number of ways. These include an urgent call to action with a deadline of 72 hours, and a detailed mention of the date and time the parcel was delivered. These elements are included to instil a sense of urgency and curiosity within the recipient to take action immediately.

Another parcel delivery scam?

Fake parcel email scams are a favourite of cybercriminals. We all love getting something (aside from a bill) in the mail, and with online shopping more popular than ever, it’s sometimes hard to keep track of what parcels we’re expecting.

The criminals behind this scam prey on people’s busy lives and curiosity.

Well-known companies such as Australia Post, Fedex and DHL are popular targets for scammers to impersonate because they are trusted names with large customer bases.

What to look out for

As a precaution, avoid clicking links in emails that:

  • Are not addressed to you by name, have poor English or omit personal details that a legitimate sender would include (e.g. – tracking ID).
  • Are from businesses you’re not expecting to hear from.
  • Ask you to download any files, especially with an .exe file extension.
  • Take you to a landing page or website that does not have the legitimate URL of the company the email is purporting to be sent from.

One email

Cybercriminals use email scams to infiltrate organisations with malware and attack them from the inside. 
All criminals need to break into your business is a cleverly worded message. If they can trick one person in your company into clicking on a malicious link they can gain access to your data.

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive email security.
Talk to an expert at MailGuard today about making your company's network secure: click here.


Stay up-to-date with new posts on the MailGuard Blog by subscribing to free updates. Click on the button below:

Keep Informed with Weekly Updates



Topics: Xero

Back to Blog


Something Powerful

Tell The Reader More

The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.


  • Bullets are great
  • For spelling out benefits and
  • Turning visitors into leads.

Recent Posts

Posts by Topic

see all