Akankasha Dewan 11 June 2020 19:26:42 AEST 4 MIN READ

Phishing email spoofing DHL asks users to confirm tracking number via a malicious link

Cybercriminals continue to leverage popular trends like online shopping to prey on consumers and trick them into revealing confidential data.

MailGuard intercepted a fraudulent shipment delivery notification purporting to be from popular shipping company, DHL. Titled “DHL Shipment Thursday, June 11, 2020”, the email includes the recipient’s email address in the “From” field. It actually comes from a compromised email account.

The email body is in plain-text, and informs recipients that “the courier” is unable to send a package that “arrived today”. It asks recipients to confirm their tracking number in order for their package to be delivered. A link is provided for them to do so. The email ends with a sign-off from “Your DHL Team”.

Here is what the email looks like:

DHL Scam_1106

Unsuspecting recipients who click on the link are led to a DHL branded phishing page, with the users’ email address already filled out, as per the below:


Upon entering their details and “logging in”, they are led to another page telling them that their password is incorrect:


After entering their details a second time, they are taken to another page requesting some additional information, including full name and address:


Once they have inserted all the required details, users are taken to another page which advises them an error has occurred. They are then finally redirected to a page on the actual DHL website.


We strongly advise all recipients to delete these emails immediately without clicking on any links. Please share this alert with your social media network to help us spread the word around this email scam.

Well-known companies such as Australia Post, FedEx and DHL are popular targets for scammers to impersonate because they are trusted names with large customer bases.

In this case, cybercriminals are preying on the curiosity of DHL customers who may think a ‘shipment’ is actually on its way. This motivates them to enter their personal details without hesitating. Here are some techniques that cybercriminals behind this scam have employed to trick users:

  • use of a subject like “DHL Shipment”, along with the date on which the email was sent suggests the email is sent from an official source belonging to DHL, boosting its credibility.
  • claiming that a new package is “unable to be sent”. This intrigues and motivates users to take immediate action if they wish to receive their unexpected package. Cybercriminals behind this scam hope in their urgency to retrieve their package, recipients don’t pause to check for the legitimacy of the email.
  • incorporating DHL’s logo and branding elements in the email and in the phishing pages. This helps to convince users that those pages actually belong to DHL.
  • the inclusion of the recipient’s email address in the fake DHL-branded login page. This suggests that the email and its included link are directed specifically to the recipient and aren’t generic pages, again boosting the email’s credibility.

Despite these techniques, eagle-eyed recipients of this email would be able to spot several red flags that point to the email’s in-authenticity. These include the fact that the email doesn’t address the recipient directly, that the email address used in the “from” field uses the recipient’s email address, and that the fake DHL pages contain several grammatical and spelling mistakes that aren’t likely to be present in an official communications from DHL (e.g. “We have received the querry”).

As a precaution, MailGuard urges you not to click links within emails that:

  • Are not addressed to you by name.
  • Appear to be from a legitimate company but use poor English, or omit personal details that a legitimate sender would include.
  • Are from businesses that you were not expecting to hear from.
  • Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from. 

Don't get scammed

If your company’s email accounts aren’t protected, emails like the one above are almost certainly being received by your staff. Cybercriminals know people can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.

People are not machines; we're all capable of making bad judgement calls. Without email filtering protecting your business, it’s just a matter of time before someone in your organisation has a momentary lapse of judgement and clicks on the wrong thing.

One email is all that it takes

All that it takes to break into your business is a cleverly-worded email message. If scammers can trick one person in your company into clicking on a malicious link they can gain access to your data.

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security.

Talk to a solution consultant at MailGuard today about securing your company's network.

Why not stay up-to-date with MailGuard's latest blog posts by subscribing to free updates? Subscribe to weekly updates by clicking on the button below.

Keep Informed with Weekly Updates